For Stages to be able to validate the user’s Kerberos ticket it has to maintain a trust relationship with the Kerberos domain. This trust relationship is established by mapping the Stages service to an Active Directory user account and exporting the Kerberos key of that account to the Stages server. For each Stages server instance a separate trust account has to be created.

To set up the Active Directory, start the Active Directory Users and Groups from the administrative tools menu and open the context menu of the Users tree node. Select New User from the menu. Next, enter the server's hostname in the first name field. Then type a password and check the “Password never expires” selection. Click next and confirm the summary dialog window. Export Kerberos key of the new account to a 'Keytab' file. Finally, open a command window on the Active Directory server and execute the following command:

ktpass –princ HTTP/<fqdn>@<KERBEROS-REALM>
 -mapuser <trust-account-name>
 -pass <trust-account-password>
 -out <output-file>
 -crypto rc4-hmac-nt