leash32 2.6.4 issues
Jeffrey Altman
jaltman at columbia.edu
Wed Aug 4 19:54:46 EDT 2004
matt cocker wrote:
On Terminal Server you should have a key in the registry:
HKLM "Software\Microsoft\Windows NT\CurrentVersion\Terminal
Server\Compatibility\Applications\leash32.exe" Flags = 0x408
When this key is present, the GetWindowsDirectory() will not be
pointed at the %USERPROFILE%\Windows directory. This key is being
set by the MIT KFW 2.6.4 installer.
> But afscreds would require leash be installed for this to happen?
afscreds cannot perform token renewal without krb5 support
>> What is obtaining the tickets you are expecting to find in the cache?
>>
>
> We are using the "Obtain AFS tokens when logging into Windows" option in
> the control panel which is requesting a krb5 ticket from the KDCs and I
> thought stored it at API:principle at REALM. After login leash gui shows
> afs tokens but no tickets. If you then run afscreds "Obtain New Tokens"
> manually it seems to store the tickets in API:principle at REALM and leash
> shows them.
>
> Have I just misunderstood how the login works.
Yes you have. Kerberos V tickets cannot be placed into a MIT Credential
Cache by afslogon.dll. The Credential Cache for the user session does
not exist at the time the tokens are obtained.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3256 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20040804/d75882f6/attachment.bin
More information about the Kerberos
mailing list