Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Create a user account in your Active Directory, named after the machine, where PowerFolder Server will be installed.
  2. Set a password for the new user account.
  3. Right-click the user account and go to Properties > Account > Account options and enable the checkbox for This account supports Kerberos AES 128 bit encryption.
  4. Open a command prompt and enter the following two commands:

    Code Block
    titleConfiguration of the Domain Controller
    setspn -a service/fqdn@REALM username
    ktpass /princ "service/fqdn@REALM" /ptype KRB5_NT_SRV_HST /crypto AES128-SHA1 /mapuser "username"

    (info)(info) The Service Principal Name service/fqdn@realm is comprized is comprised of three parts. In this schema service indicates the name of the software service. It is simply a name and can be something as httpHTTP, ldap or powerfolder. We recommend krbsrvpf as the service name. The fqdn ist the fully qualified domain name of the host where PowerFolder Server will be installed, e.g. The realm is the same as the domain name of your Active Directory and should be written UPPERCASE, .e.g. EXAMPLE.COM. The username you've already created in the steps before.

  5. (tick)(tick) That's it for the domain controller configuration.


Code Block
titleConfiguration of the Service Host
"C:\Program Files\\PowerFolder-Server\jre\bin\ktab" -k C:\ProgramData\PowerFolder\keytab -a "krbsrvpf/" -n 0

(info)(info) The command will ask you for a password. Please enter the same password you assigned when creating the user account in Active Directory.

(warning)(warning) Please verify that the file keytab has been created in the C:\ProgramData\PowerFolder directory.


After the installation you can launch the client. It should now automatically log in to the PowerFolder Server.

(warning)(warning)At the end after all the steps above please reset the password of the user account in your active directory, where PowerFolder Server is installed!

(error)(error) Kerberos SSO doesn't work if the user belongs to the administrators group on the machine!