Problems with SSO authentication in Windows XP SP2

Miika Parvio miika.parvio at NOSPAMtut.fi
Wed Feb 16 13:28:37 EST 2005


Hello!

I have managed to get SSO authentication to work between Windows XP 
(SP2) and Windows Server 2003. So when a user is logged in to Windows and 
starts an application, which I have made, authentication is done by 
Krb5LoginModule. If a TGT is found in the cache, authentication is 
successful, otherwise Krb5LoginModule asks for the username and password of the 
user. I'm using the latest JDK (1.5). Everything has worked very 
well, but today I noticed that SSO didn't work after I had logged in. I 
also noticed that if I locked and unlocked my workstation, SSO started 
to work in my Java application. I repeated the following sequence many 
times:

1. Log on to Windows XP
2. Start my Java application and try single sign-on
3. SSO failed (no TGT in cache)
4. Application asks for username and password
5. Username and password authentication was successful
6. Lock workstation
7. Unlock workstation
8. Start my Java application and try single sign-on
9. Authentication succeeded
10. Log out, MOVE TO step 1.

It seems that after logon, the TGT isn't in the cache, but after lock 
and unlock operations the TGT is in the cache.

I think everything worked last week. I have checked that the 
following registry key is set to the value 0x01:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\allowTGTSessionKey

DES encryption is turned on in my account (JSSE and Krb5LoginModule 
require it)

So what else? I have installed some Windows security updates during 
this week. Can those updates break the SSO functionality?

Miika
