support SSO in Windows with Keberos TGT
Jeffrey Altman
jaltman at secure-endpoints.com
Fri Jan 25 18:52:32 EST 2008
Eswar S wrote:
> Hi,
>
>
> Using Mit Kerberos how can I support SSO?
You can obtain your tickets during the windows logon process from your
domain controller and then access them from KFW aware applications by
setting the default ccache to MSLSA: or by permitting Network Identity
Manager to synchronize the MSLSA: cache contents with an API: cache.
>
> Is it possible to update Microsoft cache? How can I make other kerberised
> application to use cache file which is generated by my application.
On Vista the MSLSA: cache is read-write provided you do not use the
binaries provided by MIT.
KFW 3.2.2 was built incorrectly and the MIT distribution treats the
Vista MSLSA: cache as read-only.
>
> I mean when I got credentials (TGT) from KDC, I will store to cache file. I
> will set it as default cache.
Ok. Then all KFW aware applications that do not specify a ccache will
use those credentials.
>
> My doubt is how all are supporting SSO using Kerberos tokens.
>
> How can I update Microsoft cache? Is it possible?
>
> Please help me in this regard. I will be waiting for your reply.
>
> Thanks and Regards,
> Eswar S
>
> ****************************************************************************
> ***********
> This e-mail and attachments contain confidential information from HUAWEI,
> which is intended only for the person or entity whose address is listed
> above. Any use of the information contained herein in any way (including,
> but not limited to, total or partial disclosure, reproduction, or
> dissemination) by persons other than the intended recipient's) is
> prohibited. If you receive this e-mail in error, please notify the sender by
> phone or email immediately and delete it!
>
>
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080125/c2c10e18/attachment.bin
More information about the Kerberos
mailing list