KfW and Vista

Jeffrey Altman jaltman at secure-endpoints.com
Mon Jul 28 19:25:45 EDT 2008


The installer runs with Administrator privileges under the Administrator
session.  It is running in a different logon session than the user session.
If you see Windows report the second session as the same user it is because
the user is in the Administrators Group and as such is running in a second
session without the UAC restrictions.

Once the installer process is running elevated it is not possible to
have it CreateProcess within the original logon session.

Jeffrey Altman

petesea at bigfoot.com wrote:
> I have a special installer (NSIS) that first installs KfW and then starts 
> the NIM so the user can enter their Kerberos password and then accesses a 
> server via SSH/GSSAPI.
>
> On Win XP, this works fine.  Vista on the other hand seems to run the NIM 
> in a different context or session or something.  It's running as the same 
> user, but credentials available via the NIM are not available via command 
> line clients (ie running klist from the command line says there's no 
> credentials even though the NIM says there are).
>
> If I run "Process Explorer", I see there are 2 - krbcc32s.exe processes 
> and I presume that means they are using separate credentials caches?
>
> Is there any way to force a NIM that was started via an installer so it 
> uses the same credential cache as the command line kinit/klist/kdestroy?
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080728/67854a6c/attachment.bin


More information about the Kerberos mailing list