SSPI not populating Microsoft Kerberos cache

Paul B. Hill pbh at MIT.EDU
Mon Mar 27 15:34:46 EST 2006


>2) User has done a NTLM login to the workstation:
>    In this case, the application client takes user principal name and
>kerberos password as input and makes the SSPI calls. SSPI calls acquires
>TGT and service ticket from the  MIT KDC and the calls succeed and
>application works. But neither the TGT nor the Service Ticket is present
>in Microsoft kerberos cache.
>   So how to cache the TGT using SSPI call? Do we have to make any
>other calls to populate the cache?

I am told that in this case SSPI is caching the TGT, but in this case you
cannot query the cache. If you do subsequent SSPI operations you should be
able to verify that the TGT is being cached by using a network monitor
(Ethereal) to examine the traffic. 


More information about the Kerberos mailing list