Kerberos was never “broken,” but it did have blind spots that kept NTLM alive in more places than most teams realized. When Kerberos can’t be used, Windows falls back to NTLM—especially in segmented networks, remote access scenarios, workgroups, and peer-to-peer setups—creating one of the biggest blockers to fully disabling NTLM.

In this deep-dive session, you’ll hear directly from the team behind IAKerb and LocalKDC, two Kerberos extensions designed to close many of those gaps. We’ll break down where classic Kerberos fails, why NTLM gets pulled in, and how Windows now extends Kerberos to cover scenarios that previously had no secure alternative. Through real authentication flows, concrete use cases, and lessons learned from the field, you’ll learn what works, what breaks, and what to validate before you turn NTLM off. If you care about identity security, NTLM deprecation, or how Kerberos behaves in modern Windows environments, this session will change how you think about Windows authentication.