TipHKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\<Realm-name>
| Data type | Range | Default value |
|---|---|---|
| REG_MULTI_SZ | Comma-separated list of computer names | (There is no default value for this entry. You must specify at least one password server when you create a realm.) |
Lists the computer names of Kerberos Change Password Protocol Servers for the Kerberos realm. These servers communicate on port 464.
This entry stores the values you enter when you use the
Computers running Windows 2000 can use a non-Windows Kerberos server to administer authentication, instead of using a Windows 2000 domain for Kerberos authentication. These systems participate in a Kerberos realm instead of a Windows domain, and the names of the KDC password servers are stored in this entry in the registry, instead of on a domain controller.
To change the value of this entry, use Kerberos Setup (Ksetup.exe), a tool included in Windows 2000 Support Tools. Do not edit the registry.
Tip
For more information about KSetup.exe, see Tools Help in the Windows 2000 Support Tools. For more information about Kerberos interoperability features, see MIT Kerberos 5 (krb5 1.0) Interoperability on the Windows 2000 Server Security Services Web site.
Caution
This entry is required for a Kerberos realm. If it does not appear in the registry, users cannot change their Windows 2000 passwords.