Citrix – Kerberos PassThrough in Windows 7


Since the release of Windows Vista Citrix is no longer able to grab the PIN entered when logging on the computer. This has resulted in a lack of previous working PIN pass-through towards Citrix XenApp published applications. Citrix in cooperation with SecMaker has a working solution for this.


The solution requires Net iD on the server and the client, but also XenApp 6 and Kerberos delegation enabled.

Technical description

The user uses his smartcard to log on his Windows 7 based workstation with Net iD. When a connection towards a Citrix XenApp 6 published application is made the local Kerberos ticket is forwarded to the server and the user is automatically logged on with this ticket.