Use of Kerberos unreliable, can I force it?

N

NoelByron@gmx.net

Hi!

I had to learn that it is easily possible for clients in our network
to work without Kerberos (tickets). Mostly because they boot their
computer without a network connection. Those users have no Kerberos
tickets (of course) but they don’t get Kerberos tickets even after
connection to our network (bug or feature?). There are also some other
scenarios in which Windows relinquishes Kerberos. The problem is that
we have some web applications that require a Kerberos ticket.

My question: How can I switch on Kerberos as soon as they connect to
the network? Or how can I force Kerberos authentication in a web
application (SharePoint). Integrated Windows Authentication means NTLM
or Kerberos…

Tips would be highly appreciated. Thanks in advance!

Best regards,
Noel
 
S

S. Pidgorny

You can't. We have been asking this of Microsoft for quite a while now.

As to the users not getting tickets after connecting to the network, that is
a problem. Maybe related to your configuration but also can be caused by a
bug - there are quite a few KB articles and hotfixes for Kerberos.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

<NoelByron@gmx.net> wrote in message
news:9df4479f-db82-45ab-9eed-4c81f7b6ea4b@56g2000hsm.googlegroups.com...
Hi!

I had to learn that it is easily possible for clients in our network
to work without Kerberos (tickets). Mostly because they boot their
computer without a network connection. Those users have no Kerberos
tickets (of course) but they don’t get Kerberos tickets even after
connection to our network (bug or feature?). There are also some other
scenarios in which Windows relinquishes Kerberos. The problem is that
we have some web applications that require a Kerberos ticket.

My question: How can I switch on Kerberos as soon as they connect to
the network? Or how can I force Kerberos authentication in a web
application (SharePoint). Integrated Windows Authentication means NTLM
or Kerberos…

Tips would be highly appreciated. Thanks in advance!

Best regards,
Noel
 
You must log in or register to reply here.

Similar threads

B
  • Article
Announcing Windows 11 Insider Preview Build 25951 (Canary Channel)
Replies
0
Views
106
Brandon LeBlanc
B
B
  • Article
Announcing Windows 11 Insider Preview Build 25992 (Canary Channel)
Replies
0
Views
77
Brandon LeBlanc
B
B
  • Article
Releasing Windows 10 Build 19044.1806 to Release Preview Channel
Replies
0
Views
263
Brandon LeBlanc
B
N
  • Article
Unlock business potential with new 5G and Copilot+ PCs from Surface
Replies
0
Views
46
Nancie Gaskill, General Manager, Surface
N
Y
  • Article
How to prepare for Windows 10 end of support by moving to Windows 11 today
Replies
0
Views
23
Yusuf Mehdi, Executive Vice President, Consumer
Y
Back
Top Bottom