Re: Kerberos Security - How to switch off
From: Joshua Heslinga (jheslinga@attbi.com)
Date: 07/31/02
- Next message: Joshua Heslinga: "Re: allowing non admins to change IP address"
- Previous message: Mike Mellinger: "Re: Microsoft CA vs. Cisco SCEP protocol"
- In reply to: Lee Steventon: "Kerberos Security - How to switch off"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Joshua Heslinga" <jheslinga@attbi.com> Date: Tue, 30 Jul 2002 21:25:29 -0400
You can't disable Kerberos. It is the default authentication mechanism in
Windows 2000.
I haven't tried this, but since the key is that the client has the same time
as the server to which it's logging on:
If you want a PC to be "in the future" / past / whatever and still able
to log in, put it and a domain controller on a separate network. Set both to
have the same time.
Joshua Heslinga
"Lee Steventon" <lsteventon@hotmail.com> wrote in message
news:29ce01c237b8$2003b820$19ef2ecf@tkmsftngxa01...
> Hi,
>
> We are trying to perform some "timeshift" testing in our
> organization which requires us to change the date and time
> on a local PC within an AD. This is necessary as we need
> to see the effects on customer accounts when the date is
> rolled forward (anywhere up to 10 years). When we roll
> back the date and attempt to log back on with the same
> domain account, we are locked out because of changes made
> to the Active Directory in "the future".
>
> Is this Kerberos locking us down because of the timestamp
> on the account and if so, how can we "disable" kerberos ?
>
> Kindest Regards
- Next message: Joshua Heslinga: "Re: allowing non admins to change IP address"
- Previous message: Mike Mellinger: "Re: Microsoft CA vs. Cisco SCEP protocol"
- In reply to: Lee Steventon: "Kerberos Security - How to switch off"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
