SSO Fails on XP SP2
Markus Moeller
huaraz at moeller.plus.com
Mon Jul 30 15:53:22 EDT 2007
Can you use kerbtray to see if you get the service principal ?
Markus
"Miguel Sanders" <miguelsanders at telenet.be> wrote in message
news:1185823586.577161.78640 at l70g2000hse.googlegroups.com...
> Markus, I already tried editing that setting but no luck either...
> Everytime I think I am done with this setup, there is a new issue...
> However, the SSO from the Linux clients to the UNIX KDCs worked
> instantly!
>
> On 30 jul, 20:52, "Markus Moeller" <hua... at moeller.plus.com> wrote:
>> You might need this:
>>
>> "This new feature has been seen in Windows 2003 Server, Windows 2000
>> Server
>> SP4, and Windows XP SP2. We assume that it will be implemented in all
>> future Microsoft operating systems supporting the Kerberos SSPI.
>> Microsoft
>> does work closely with MIT and has provided a registry key to disable
>> this
>> new feature.
>>
>> HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
>> AllowTGTSessionKey = 0x01 (DWORD)On Windows XP SP2 the key is specified
>> as
>>
>> HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
>> AllowTGTSessionKey =
>> 0x01 (DWORD)"as described
>> herehttp://web.mit.edu/kerberos/kfw-2.6/kfw-2.6.5/relnotes.html#mslsa
>>
>> Regards
>> Markus
>>
>> "Miguel Sanders" <miguelsand... at telenet.be> wrote in message
>>
>> news:1185818694.532130.67160 at g4g2000hsf.googlegroups.com...
>>
>>
>>
>> > Dear all
>>
>> > I don't know whether or not I should post this here or in
>> > microsoft.xp.client but I will do both.
>> > After successfully implementing a cross realm trust between AD and a
>> > UNIX realm, it seems that the clients that user SP1 can successfully
>> > have SSO to the UNIX machine whereas the SP2 people can't. Can anyone
>> > help me out, since I am not a Windows expert :-)
>> > The tool I use for SSO on the Windows clients is Vintella Putty 0.60
>> > q1.129.
>>
>> > Kind regards
>>
>> > Miguel
>>
>> > ________________________________________________
>> > Kerberos mailing list Kerbe... at mit.edu
>> >https://mailman.mit.edu/mailman/listinfo/kerberos- Tekst uit
>> >oorspronkelijk bericht niet weergeven -
>>
>> - Tekst uit oorspronkelijk bericht weergeven -
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list