KLogon is secondary Kerberos logon for Windows designed to mimic Kerberos single sign-on [primarily] on standalone/unmanaged computer.

Essentially KLogon is equivalent to 'runas  /netonly /user:name@KRB.REALM explorer.exe', but it offers a number of advantages over runas. First of all, unlike runas when entered password is first exercised only upon first connect to remote service, not upon new process spawn, KLogon verifies typed password prior it re-launches explorer.exe, thus giving user immediate feedback about Kerberos logon being successful or not. Then KLogon automatically terminates currently running explorer.exe in order to replace it with one running with chosen credentials. This effectively re-bias explorer shell and its descendants, or in other words all applications you start afterwards, to Kerberos realm. To emphasize single sign-on illusion Klogon even registers chosen realm as Local Intranet zone.

However! Restarting explorer with alternative network credentials unfortunately has certain side-effects.

• Most notably start-up folder is re-evaluated and your "tray" applets are re-executed. Most programs manage this switch just fine, but no warranties can be provided.
• Secondly currently mapped network resources are rendered inaccessible. You have to re-map if you want to access them from "re-biased" session.
• If explorer dies for some reason, you get logged out. Normally explorer is gracefully restarted. If you're to terminate explorer yourself from Task Manager and don't want to be logged out, then terminate background klogon.exe first.
• Programs left running in background with original credentials might induce confusing behaviour. For example Acrobat Reader has quality to stick around in background and pick up .pdf you double-click in explorer. What happens is that explorer spawns Acrobat Reader with file name as argument. The latter first check if there is another one running already on current desktop and if it turns to be the case file name is passed to the one running in background. Now, if background process was started prior KLogon and the requested file resides on network share access shall fail [because background process has no access to Kerberos credentials]. For this reason it's recommended to start KLogon as early as possible, you might even choose to put it into your start-up folder.