--- wikisrc/kerberos/system.mdwn	2009/10/21 01:15:50	1.2
+++ wikisrc/kerberos/system.mdwn	2009/11/05 03:14:44	1.3
@@ -1,10 +1,11 @@
 [[!tag kerberos howto]]
 
-#### Why Kerberize your system?
+#### Why enable Kerberos on your system?
 
 Convenience and security. With
 [Kerberos](http://web.mit.edu/Kerberos/dialogue.html), a single
-login grants access to all NetBSD web services.
+login grants access to all NetBSD web services. Configuration is easy
+and you only have to do it once (sometimes less).
 
 #### [[!toggle id="macosx" text="Mac OS X"]]
 [[!toggleable id="macosx" text="""
@@ -43,3 +44,18 @@ in DNS. To use Kerberized TNF services, 
 
 The right-hand side is a Kerberos realm, not a DNS domain. Case is significant!
 """]]
+
+#### [[!toggle id="windows" text="Windows XP"]]
+[[!toggleable id="windows" text="""
+Windows docs generally assume you want to add your machine to the realm and use Kerberos logins as system logins. This is not what we want.
+
+Progress so far:
+
+7. Download [Windows XP Service Pack 2 Support Tools](http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38).
+7. Install custom/full (whatever it takes to get everything installed).
+7. From the Start menu, choose Run and enter `cmd` to get to the prompt.
+7. `ksetup /AddKdc NETBSD.ORG`
+7. `ksetup /MapUser <username>@NETBSD.ORG "%USERNAME%"`
+
+This may or may not be on the right track. Don't know how to `kinit <username@NETBSD.ORG>` yet.
+"""]]