The Kerberos client pre-authenticates to the KDC (recommended) by default; however, you may need to disable pre-authentication if it isn't compatible with KDCs in your network.
During pre-authentication, the Kerberos client prompts the user for a password, and then using a key derived from the password, encrypts a timestamp, which it includes in its authentication request to the KDC. If the KDC can decrypt the timestamp with the user's key (derived from the same password using the same algorithm), it proves that the user knows the password.
To disable pre-authentication
Start Kerberos Manager.
From the
menu, choose .From the
tab, select a realm from the , and then click .Click the
tab.From the
box, select None, and then click .