support SSO in Windows with Keberos TGT

Jeffrey Altman jaltman at secure-endpoints.com
Fri Jan 25 18:52:32 EST 2008


Eswar S wrote:
> Hi,
>
>
> Using Mit Kerberos how can I support SSO?
You can obtain your tickets during the windows logon process from your 
domain controller and then access them from KFW aware applications by 
setting the default ccache to MSLSA: or by permitting Network Identity 
Manager to synchronize the MSLSA: cache contents with an API: cache.
>
> Is it possible to update Microsoft cache? How can I make other kerberised
> application to use cache file which is generated by my application.
On Vista the MSLSA: cache is read-write provided you do not use the 
binaries provided by MIT.
KFW 3.2.2 was built incorrectly and the MIT distribution treats the 
Vista MSLSA: cache as read-only.
>
> I mean when I got credentials (TGT) from KDC, I will store to cache file. I
> will set it as default cache.
Ok.  Then all KFW aware applications that do not specify a ccache will 
use those credentials.
>
>  My doubt is how all are supporting SSO using Kerberos tokens.
>
>  How can I update Microsoft cache? Is it possible? 
>
> Please help me in this regard. I will be waiting for your reply.
>
> Thanks and Regards,
> Eswar S
>
> ****************************************************************************
> ***********
> This e-mail and attachments contain confidential information from HUAWEI,
> which is intended only for the person or entity whose address is listed
> above. Any use of the information contained herein in any way (including,
> but not limited to, total or partial disclosure, reproduction, or
> dissemination) by persons other than the intended recipient's) is
> prohibited. If you receive this e-mail in error, please notify the sender by
> phone or email immediately and delete it!
>
>  
>
>
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080125/c2c10e18/attachment.bin


More information about the Kerberos mailing list