New cred cache breaks Win2k service
Mike Frisch
mfrisch at isurfer.ca
Wed Feb 20 15:07:29 EST 2002
On Wed, 20 Feb 2002 18:20:31 +0000 (UTC), Sam Hartman <hartmans at mit.edu> wrote:
>>>>>> "Mike" == Mike Frisch <mfrisch at isurfer.ca> writes:
>
> Mike> With the recent changes to the Kerberos Credentials Cache,
> Mike> my service on Windows 2000 is now broken. Without being
> Mike> able to use impersonation, how do I allow a Windows 2000
> Mike> service to perform Kerberos/GSS operations on behalf of
> Mike> other users?
>
>You have those users forward or proxy tickets to your service. Since
>you're in W2K land, you probably need to use forwarding at the
>SSPI/GSSAPI level.
While I understand in theory, I am not well versed in the Kerberos
library, so I will have to do a little reading for clarification. AS
long as there is a solution, everything will be fine.
Thanks for the prompt followup,
Mike.
More information about the Kerberos
mailing list