The Kerberos client pre-authenticates to the KDC (recommended) by default; however, you may need to disable pre-authentication if it isn't compatible with KDCs in your network.
During pre-authentication, the Kerberos client prompts the user for a password, and then using a key derived from the password, encrypts a timestamp, which it includes in its authentication request to the KDC. If the KDC can decrypt the timestamp with the user's key (derived from the same password using the same algorithm), it proves that the user knows the password.
To disable pre-authentication
Start Kerberos Manager.
From themenu, choose .
From thetab, select a realm from the , and then click .
From thebox, select None, and then click .