Kerberos Client

Applies To: Windows Server 2008

Kerberos clients are applications acting on behalf of users who need access to a resource, such as opening a file, querying a database, or printing a document. Every Kerberos client requests authentication before the resource is accessed. Once the client is recognized as trusted, a secure session between the client and the service hosting the resource is established.


The following is a list of all aspects that are part of this managed entity:

Name Description

KDC Certificate Availability

The Kerberos ticket exchange is encrypted from the Kerberos client to the Kerberos Key Distribution Center (KDC) by using a domain controller certificate, also known as the KDC certificate.

Kerberos Client Configuration

If the client computers are joined to an Active Directory domain, the Kerberos client is configured to request ticket-granting tickets (TGTs) from the Kerberos Key Distribution Center (KDC) automatically. On successful receipt of the ticket, the Kerberos client caches the ticket on the local computer.

Kerberos Smart Card Configuration

The Kerberos client can be configured to use smart card authentication for user accounts on an organization's network.

Stored Password Configuration

A user account's password or personal identification number (PIN) can be stored on the local computer, which allows the user to log on to the computer without entering a password or PIN.

Core Security