Use GSSAPI with X-Win32
While Kerberos is a standard protocol, there are currently two different Kerberos client implementations, and they are incompatible: the MIT Kerberos client for Windows and the Microsoft Kerberos client used by Single Sign On. The two clients store Kerberos tickets in different ticket caches, which currently cannot communicate with each other. X-Win32 uses the Microsoft Single Sign On client.
Instructions to configure your Windows machine to use Microsoft Single Sign On are as follows:
Configure the KDC (this will need to be done by a Kerberos administrator on a UNIX host)
- kadmin
- addprinc -pw password -policy hosts -e des-cbc-crc:normal host/FQDNworkstation_name
Configure workstation (you must have administrator privileges to do this)
- Open a command prompt as an administrator
- Set realm: ksetup /SetRealm REALM.EXAMPLE.COM
- Set KDC: ksetup /AddKDC KDC.EXAMPLE.COM kdc.host.com
- Set the local machine password: ksetup /SetComputerPassword password (must match password above)
- Set up user mapping: ksetup /mapuser * * (can also map user@EXAMPLE.com to user)
- Set up delegation: ksetup /SetRealmFlags EXAMPLE.COM delegate
- Reboot
At this point, you will be able to log in as user@EXAMPLE.COM using your Kerberos password. You can now use Kerberos with Single Sign On in Windows.
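
The workstation steps above as one fail-fast PowerShell script, with a post-reboot check of the Windows ticket cache that X-Win32 reads. This is an added example, not part of the original instructions: the script layout, the `-Verify` switch, the `Invoke-Ksetup` helper and the placeholder realm and KDC names are assumptions, and it uses a single realm name for every step.

```powershell
# Added example (not from the original page). Save as a .ps1 file and run elevated.
param(
    [string]$Realm = 'EXAMPLE.COM',      # placeholder realm name
    [string]$Kdc   = 'kdc.example.com',  # placeholder KDC host name
    [switch]$Verify                      # after the reboot: check only, change nothing
)
$ErrorActionPreference = 'Stop'

function Invoke-Ksetup {
    param([string]$Label, [string[]]$Arguments)
    & ksetup.exe @Arguments | Out-Host
    # Assumption: ksetup signals failure through a non-zero exit code.
    # Only the label is reported, so the password argument is never echoed.
    if ($LASTEXITCODE -ne 0) { throw "ksetup step '$Label' failed (exit code $LASTEXITCODE)" }
}

if ($Verify) {
    & ksetup.exe | Out-Host   # with no arguments, ksetup prints the current settings
    # klist reads the Microsoft ticket cache, not the MIT one. The context line after
    # the match is where klist is assumed to print the ticket's encryption type, so
    # you can see which cipher the KDC actually issued for this logon.
    $tgt = & klist.exe | Select-String -SimpleMatch "krbtgt/$Realm" -Context 0,1
    if ($tgt) { $tgt | Out-Host }
    else      { Write-Warning "No krbtgt/$Realm ticket found; log in as user@$Realm first." }
    return
}

# ksetup changes machine-wide settings, so stop early when not elevated.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this script from an elevated PowerShell session.' }

# Prompt for the password instead of storing it in the script or shell history.
$secure = Read-Host -AsSecureString 'Host principal password (must match addprinc)'
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Same order as the steps listed above.
Invoke-Ksetup -Label 'SetRealm'            -Arguments '/SetRealm', $Realm
Invoke-Ksetup -Label 'AddKDC'              -Arguments '/AddKDC', $Realm, $Kdc
Invoke-Ksetup -Label 'SetComputerPassword' -Arguments '/SetComputerPassword', $plain
Invoke-Ksetup -Label 'mapuser'             -Arguments '/mapuser', '*', '*'
Invoke-Ksetup -Label 'SetRealmFlags'       -Arguments '/SetRealmFlags', $Realm, 'delegate'
$plain = $null

'Configuration applied. Reboot, log in as user@{0}, then rerun with -Verify.' -f $Realm
```

Run it once without switches, reboot, log in with the Kerberos account, then run it again with `-Verify` to confirm the ticket is in the cache X-Win32 uses.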