The UserList subkey stores entries that associate a Kerberos security principal to a local Windows 2000 user account.

Computers running Windows 2000 can use a non-Windows Kerberos server to administer authentication, instead of using a Windows 2000 domain for Kerberos authentication. For ease of use, the system lets you map a Kerberos security principal, such as the name of a principal or a realm, to a local Windows user account.

This subkey stores mappings you enter when you use the /MapUser command in Kerberos Setup (Ksetup.exe), a tool included with the Windows 2000 Support Tools. Ksetup adds the entries to the registry.

All entries in this subkey have the following format, where * indicates all users.

Kerberos-name or * REG_SZ Local-name or *

For example, if you enter the following mapping command in Ksetup:

ksetup /mapuser  Guest

then Ksetup adds the following entry to the UserList subkey: REG_SZ Guest

Change method

To change the value of this entries in this subkey, use Kerberos Setup (Ksetup.exe), a tool included in Windows 2000 Support Tools. Do not edit the registry.

Tip Image Tip

For more information about KSetup.exe, see Tools Help in the Windows 2000 Support Tools. For more information about Kerberos interoperability features, see MIT Kerberos v5 (krb5 1.0) Interoperability on the Windows 2000 Server Security Services Web site.