MIT Kerberos Client and MSLSA Cache
Meike Stone
meike.stone at googlemail.com
Wed Apr 22 12:57:01 EDT 2015
Hello Benjamin,
thank you very much for great help!
Today I got running SAP SSO for W2k3 too!
> I would recommend making the API: cache the default and having SAP use
> that, if there is no external need for using the LSA cache. Getting
> things working properly with the LSA cache can be very frustrating, and
> the API: cache should be much simpler to set up.
Thats what I did!
Switched from MSLSA to MIT ccache AND using gssap32.dll from MIT!
The following and my wrong post in the other thread gave me the
enlightened hint!
> When using the KfW 4.0.x gssapi32.dll, there should not be a need to
> already have a TGT -- I believe the library can launch MIT Kerberos.exe
> and pop up a "Get Ticket" window.
Yes, that works all as described (but only with the MIT gssapi32.dll ;-)!
Problem was only the weak encryption (single-des) derived from former XP
clients in our AD-Domain (arrg)
I configured this in krb5.ini (allow_weak_crypto = true) and every
thing was working!
Thanks a lot,
Regards Meike!
More information about the Kerberos
mailing list