How can we improve Kerio Connect?

Kerberos for Single Signon

It would make our lives a lot easier if KC would support Kerberos for single sign on of mail clients. Currently, when users change their system password, they have to change all their Mail passwords as well.

Kerberos would solve this once and for all.

71 votes
Sign in Sign in with GFI
Signed in as (Sign out)
You have left! (?) (thinking…)
Cairns Fertility Centre shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in Sign in with GFI
Signed in as (Sign out)
  • Andreas Paul commented  ·   ·  Flag as inappropriate

    Hi @All,

    any news on this topic 2010-2018(8 Years)?

    If you run Kerio on Windows it is possible to use SSO from Outlook. Is there an Inoffical hack or something else to get this on a Linux server as well. We have configured all the installations with realmd(Linux Machine is joined to the domain), and krb. (SPN's in place etc.) + LDAP. The webservers apache, nginx are able to deal with this kind of authentification. Why its still not avilable for Kerio Connect.

    Kind Regards


  • Hector Bianchi commented  ·   ·  Flag as inappropriate

    Kerio already works with Kerberos. When a user changes password in Active directory, change is reflected in Kerio connect.

  • David Thompson commented  ·   ·  Flag as inappropriate

    Exchange, Zimbra, Apple Mail Server all support Client side kerberos authentication and logins. Kerio Connect --> FAIL.

    With more of my clients looking to simplify their lives with SSO, connect and other kerio products are going to start to lose my business and my clients business (new and renewal)

  • David Thompson commented  ·   ·  Flag as inappropriate

    Kerio seriously needs to get on the ball with Kerberos for Client support. Having the server to server kerberos support is great, but it would make my (and I am sure lots of other users) lives 10 times easier by only having to manage a users single password for a user and not have to change a password at login time and then have to drop through 3 or 4 other apps to update their passwords.

    SSO would seriously make this a lot less management. One kerberos ticket as opposed to multiple password entries in different apps.

    I have been waiting for this in Connect for over 5 years. Come on now, this is 2013. Time to get on the Kerberos Ball Kerio.

  • NVest Holdings commented  ·   ·  Flag as inappropriate

    What I find with this is that Kerio support the signn from KOC BUT we run a single AD domain ( with multiple OUs. With that, each user in a OU ( has a different email domain. Kerio tries to auth you using the domain "" instead of "".

    surley Kerio can pick up the user's email address from theit AD account and auth using that instead of trying the default domain?

  • Matthew Healey commented  ·   ·  Flag as inappropriate

    Kerio are not already supporting this on the client site. Sure Kerio SERVER can use Kerberos to auth a client to a directory, but that client can not use Kerberos to auth to Kerio... which kinda defeats the entire point.

  • Kate Morlet-Brown commented  ·   ·  Flag as inappropriate

    I have never been able to get this to work... I have set up authentication to OD via Kerberos but refuses to work, saying that the server doesn't support Kerberos...

  • Hector Bianchi commented  ·   ·  Flag as inappropriate

    Kerio is already supporting Kerberos and single signon works from the very beginning. That why this has only few votes.

  • Tom Welch commented  ·   ·  Flag as inappropriate

    How does this not have more votes? Just getting into Kerberos and I was disappointed to see Kerio didn't support it.

Feedback and Knowledge Base