Skip to content Skip to site navigation Skip to service navigation

Install Kerberos for Windows


Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications. It was created by the Massachusetts Institute of Technology (MIT). Kerberos for Windows installs Kerberos on your computer and configures it for use on the Stanford network. Stanford services that require Kerberos authentication include OpenAFS for Stanford.

Network Identity Manager (NIM) is the name of the user interface that manages your Kerberos authentication status. Your Kerberos credentials are established by logging into Network Identity Manager with your SUNet ID and password.

The Kerberos for Windows installer installs the the 64-bit version on 64-bit Windows operating systems and the  32-bit version on 32-bit Windows operating systems .

Installation instructions for 64-bit Kerberos for Windows

  1. Download and run the Kerberos for Windows installer.
  2. If existing production versions of Kerberos for Windows and OpenAFS are installed on your computer, the new Kerberos for Windows installer requires that you uninstall them first. If issues are found, a dialog box will display. Click Download Software Remove Tool, run the tool, select Kerberos for Windows and/or Stanford Open AFS and then click Remove. The program will then delete itself and restart your computer.

    run Software Removal Tool to delete old versions of Kerberos and OpenAFS
  3. If you had to resolve issues, double-click the Kerberos for Windows installer file to run it. It's typically located in your Downloads folder or on your desktop.
  4. Click Continue to start the installation.

    click Continue to start the installation process
  5. After you install Kerberos for Windows you'll need to restart your computer for the configuration changes to take effect. Click Yes to restart now or No to restart later.

    message saying you must restart computer for configuration changes to take effect

Obtain new credentials (authenticating with Kerberos) — 62-bit

Credentials are valid for 1 day and 1 hour (25 hours).

  1. Click the Network Identity Manager icon Network Identity Manager icon in the notification area to open the Network Identity Manager application. Alternatively, you can open Network Identity Manager from your list of programs.
  2. The Obtain new credentials window displays. If your username is listed as SUNet ID, enter your SUNet ID password and click Finish.

    obtain new credentials by entering your SUNet ID password
  3. If your SUNet ID is not displayed, click the Kerberos Principal arrow and click Choose an identity.

    choose to specify a new identity that is not listed
  4. Enter your SUNet ID or, etc. and then click Next.

    enter the username you want to use to obtain new credentials
  5. View the Kerberos v5 Credential Options and change any you wish. Then, click Next.
  6. Enter the password for the username and then click Finish.

Installation instructions for 32-bit Kerberos for Windows

  1. Download and run the Kerberos for Windows installer.
  2. At the prompt, click Yes to continue with the installation.

    install Kerberos prompt
  3. At the Welcome window, click Next to continue.

    Kerberos setup wizard welcome page
  4. Select the option to accept the terms of the license agreement and then click Next.

    license agreement

  5. Choose Typical as the setup type and click Next if it is enabled.

    choose setup type
  6. If the Next button in the Setup Type window is disabled, you may need to close one or more running processes. Click Next to allow the Setup Wizard to close them for you.

    close running porcesses
  7. Click Install to start the installation.

    begin installation
  8. Click Finish to close the Setup Wizard.

    finish setup

Obtain new credentials (authenticating with Kerberos) — 32-bit

You will need to get Kerberos credentials before you can use applications requiring Kerberos authentication. If you open an application that requires Kerberos authentication and you do not have credentials, the New Credentials window opens automatically.

Tip: The New Credentials window may open behind that application's window. If your application appears to hang when you open it, check behind it see if you are being prompted to log in.

  1. Click the Network Identity Manager icon Network Identity Manager iconin the system tray or open the Network Identity Manager application.
  2. You will be prompted for your username, realm, and password. Enter the following information and then click OK:
    • Username: your SUNet ID
    • Realm:
    • Password: your SUNet ID password

    new credentials login window
  3. Credentials are valid for 1 day and 1 hour (25 hours).
Last modified February 25, 2019