Kerberos for Windows & MSLSA Cache

Benjamin Kaduk kaduk at MIT.EDU
Mon Mar 9 22:24:02 EDT 2015 

On Fri, 6 Mar 2015, Christopher Penney wrote:

> On Fri, Mar 6, 2015 at 12:44 PM, Benjamin Kaduk <kaduk at mit.edu> wrote:
>
> >
> > I believe I have fixed these bugs in the krb5 development branch, but they
> > have not made it into a new KfW release yet.  If you are interested in
> > building KfW from the latest sources, I would be interested to hear if
> > that resolves your problems.
> >
> >
> That's good to know, thanks.  I might try that though I'm not much of a
> developer.  Is there any ETA (even if rough) for when this would make it to
> a "released" version?

It seems that some demand from this is appearing from other places as
well, so it will make its way higher on my priority list.  There is
another feature wanted for the next KfW release (better screen reader
support), so the ETA is still measured in months; I would ballpark 2
months until a beta release, but that is a very rough estimate and could
change a lot.

> > > I'm also experiencing a problem where (using either MSLSA: or a file for
> > > the CC) I can renew tickets just fine from a cmd window using '"kinit
> > -R",
> > > but the MIT Kerberos.exe sys tray tool crashes when it tries to renew.  I
> > > get the following in event viewer:
> >
> > I am less sure about this issue.  It is possible that it is related to the
> > UAC permissions mentioned above, but it may be a different issue.
> >
>
> I should have noted this in the original note, but it seemed like it used
> to work (we've been using KfW for about 6 months), but recently broken.
> The user sample size is really small here though so it's hard to tell.  Is
> there anything I can do to help pin it down (e.g. debugging flags I'm not
> aware of)?

Most of the debugging flags are set at compile time.  The KRB5_TRACE
environment variable does work (as on Unix krb5), but I don't expect it to
provide any useful output for this situation.

Debugging runtime crashes is usually easiest with the help of a debugger,
but the release versions do not include debugging symbols.  If you want
have visual studio around and want to try, I can see about sending the
debug symbols to you.

-Ben

More information about the Kerberos mailing list