Skip to content Skip to site navigation Skip to service navigation

Install Kerberos for Windows


Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications. It was created by the Massachusetts Institute of Technology (MIT). Kerberos for Windows installs Kerberos on your computer and configures it for use on the Stanford network. Stanford services that require Kerberos authentication include Stanford OpenAFS.

Network Identity Manager (NIM) is the name of the user interface that manages your Kerberos authentication status. Your Kerberos credentials are established by logging into Network Identity Manager with your SUNet ID and corresponding password.

By default, Network Identity Manager automatically starts when log in to Windows.. When Network Identity Manager is running, the NIM icon Network Identity Manager icon appears in the notification area at the far right of the taskbar.

Installing Kerberos for Windows

  1. Download and run the Kerberos for Windows installer.
  2. At the prompt, click Yes to continue with the installation.

    install Kerberos prompt

  3. At the Welcome window, click Next to continue.

    Kerberos setup wizard welcome page

  4. Select the option to accept the terms of the license agreement and then click Next.

    license agreement

  5. Choose Typical as the setup type and click Next if it is enabled.

    choose setup type

  6. If the Next button in the Setup Type window is disabled, you may need to close one or more running processes. Click Next to allow the Setup Wizard to close them for you.
    close running porcesses

  7. Click Install to start the installation.

    begin installation

  8. Click Finish to close the Setup Wizard.

    finish setup
  9. For Windows Vista Users Only: Before you can use Kerberos for Windows, you must log off of your Windows user account and then log back on. When the Log-off dialog box appears, click Yes to automatically log off of your Windows user account now or click No to manually log off of your Windows user account later.

    Windows Vista logoff prompt

Obtaining new credentials (authenticating with Kerberos)

You will need to get Kerberos credentials before you can use applications requiring Kerberos authentication. If you open an application that requires Kerberos authentication and you do not have credentials, the New Credentials window will open automatically.

Tip:The New Credentials window may open behind that application's window. If your application appears to hang when you open it, check behind it see if you are being prompted to log in.

  1. Click the Network Identity Manager icon Network Identity Manager iconin the system tray.
  2. You will be prompted for your username, realm, and password. Enter the following information and then click OK:
    • Username: your SUNet ID
    • Realm:
    • Password: your SUNet ID password

    new credentials login window

Managing your Kerberos credentials

The Network Identity Manager menu provides several options to help you manage your Kerberos credentials. To access the menu, right-click the Network Identity Manager icon Network Identity Manager icon.

Network Identity Manager shortcut menu

The following commands are available on the Network Identity Manager menu:

Show Network Identity Manager window
Displays a status window that shows how much time is left before your credentials expire. Credentials are valid for 1 day and 1 hour (25 hours).
Obtain new credentials
Displays the New Credentials window, which allows you to log in to Kerberos.
Renews your credentials for another 25 hours without you having to enter your password. The maximum renewable time without having to re-enter your password is one week.
Import Credentials
Not used at Stanford.
Destroys your credentials, thereby logging you out of Kerberos. Quitting an authenticated application does not destroy your credentials.
Set Default
Displays your network network identities and, if you have multiple network identities, you can select one as the default. When Kerberos for Windows is first installed, your default identity is your
Change password
Changes your SUNet ID password. This has the same effect as changing your password using StanfordYou.
Help Contents
Displays the Network Identity Manager online help.
About Network Identity Manager
Displays the Network Identity Manager version number, which is not the same as the Kerberos for Window version number.
Closes Network Identity Manager and removes the icon from the notification area. Exiting does not destroy your credentials so you may still be logged in to Kerberos. To restart Network Identity Manager, click the Windows Start menu and navigate to All Programs > Kerberos for Windows > Network Identity Manager.
Last modified May 10, 2016