Windows

Benjamin Kaduk kaduk at MIT.EDU
Mon Nov 16 22:01:38 EST 2015


On Mon, 16 Nov 2015, Randolph Morgan wrote:

> I have installed MIT Kerberos 4.0.1 on a Windows 10 machine. Everything
> I have read indicates that the identity manager is not integrated into
> the new ticket manager.  Ticket manager shows that I have received a

I'm not sure what you mean by these terms.  Is "the identity manager" the
"Network Identity Manager" such as is available from
https://www.secure-endpoints.com/netidmgr/v2/ ?  Is the "new ticket
manager" the "MIT Kerberos.exe" distributed in the KfW 4.0.1 installer?

> ticket from my krbtgt from my server, but Windows does not show a ticket
> when I run klist.  If I run kinit, Windows receives and the ticket

There is a klist.exe shipped with Windows by Microsoft, that is unrelated
to either of the previously mentioned programs.  (You can get the KfW
klist.exe by specifying a full path, e.g.,
C:\Program Files\MIT\Kerberos\bin\klist.exe)

> manager shows a ticket, but if I go through the ticket manager Windows
> does not show a valid ticket.  Is there some kind of registry setting
> that I need to modify, or is there something in my krb5.ini file that I
> should modify so that Windows shows a ticket when it is issued through
> the ticket manager?

It sounds like perhaps (but it's very hard to tell since the description
lacks sufficient detail) you are putting credentials into different caches
when obtained via the command-line and via the MIT Kerberos.exe Ticket
Manager.  The KfW klist.exe with the -A argument should help clarify
whether this is the case.  Only the MSLSA: cache is accessible to the
Microsoft Kerberos implementation.

The MIT Kerberos.exe Ticket Manager does have a "make default"
functionality that will set a registry key for future credential
acquisitions.

-Ben Kaduk

