sspi cache vs mit credential cache

Jeffrey Altman jaltman2 at nyc.rr.com
Tue Sep 6 19:01:29 EDT 2005


Subu Ayyagari wrote:
> * I have windows AD 2003 forest with 2-way trust to
>   MIT realm.
> 
> * Crossrealm setup has been configured.
> 
> Question: From info available on the mit website,
>           it appears the microsoft cache *has* to be 
>           copied to mit credential cache (leash
> import).
> 
> Is this required? Can applications (eg: kerberized
> ssh)
> directly use microsoft credential cache?
> 
> thanks
> -subu

Applications can be written to use the Microsoft Kerberos SSP.
If so, they don't use the MIT libraries at all.


If the application is written to use the MIT Kerberos libraries
then there are two choices.  Leash can copy the credentials from
the MSLSA ccache into the MIT CCAPI cache or the user can choose
to use the MSLSA cache directly.

Be sure you are using KFW 2.6.5.

Jeffrey Altman


-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu


More information about the Kerberos mailing list