MIT/Win2k/XP Kerberos trust relationship bug?

Brian Davidson bdavids1 at gmu.edu
Tue Jul 13 14:39:00 EDT 2004


Yes, this is what I'm talking about.  I see this issue on every single 
Windows XP system I've tried it on (quite a few).

When I unlock the workstation, I have a TGT for the MIT realm, and a 
host ticket for the AD realm.  All other AD tickets are gone, including 
the cross realm TGT for the AD and the LDAP and CIFS tickets from the 
AD realm.

What's even more troubling is that sometimes I still can access some 
shares, even without a ticket.  But that's a separate issue...

Brian

On Jul 13, 2004, at 2:27 PM, Wachdorf, Daniel R wrote:

> Are you talking about a login using the Windows GINA and typing in
> username at MIT.REALM?  Which then uses trust between MIT.REALM and
> ACTIVEDIRECTORY.REALM?
>
> When I run that, I don't have the problem.  I can lock my XP box fine,
> come back and I still have my TGT for mit.realm and the cross realm
> ticket for activedirectory.realm.  Further requests for tickets work fine.
>
> -dan


