Windows
Randolph Morgan
randym at chem.byu.edu
Wed Nov 18 16:17:24 EST 2015
I found the answer to my question, so I thought I would share it with
others here on the list. To get Windows to acknowledge that a ticket
has been issued through MIT Kerberos KfW 4.0.1 you need to edit a
registry key. The key is located at: HKEY_CURRENT_USER\SOFTWARE\MIT
Kerberos\Settings. Click on Issued and change the value from 0 to 1.
Once I did this a klist now shows the ticket issued by KfW 4.0.1.
Randy
Randy Morgan
CSR
Department of Chemistry and Biochemistry
Brigham Young University
801-422-4100
On 11/16/2015 8:01 PM, Benjamin Kaduk wrote:
> On Mon, 16 Nov 2015, Randolph Morgan wrote:
>
>> I have installed MIT Kerberos 4.0.1 on a Windows 10 machine. Everything
>> I have read indicates that the identity manager is not integrated into
>> the new ticket manager. Ticket manager shows that I have received a
> I'm not sure what you mean by these terms. Is "the identity manager" the
> "Network Identity Manager" such as is available from
> https://www.secure-endpoints.com/netidmgr/v2/ ? Is the "new ticket
> manager" the "MIT Kerberos.exe" distributed in the KfW 4.0.1 installer?
>
>> ticket from my krbtgt from my server, but Windows does not show a ticket
>> when I run klist. If I run kinit, Windows receives and the ticket
> There is a klist.exe shipped with Windows by Microsoft, that is unrelated
> to either of the previously mentioned programs. (You can get the KfW
> klist.exe by specifying a full path, e.g., C:\Program
> Files\MIT\Kerberos\bin\klist.exe)
>
>> manager shows a ticket, but if I go through the ticket manager Windows
>> does not show a valid ticket. is there some kind of registry setting
>> that I need to modify, or is there something in my krb5.ini file that I
>> should modify so that windows shows a ticket when it is issued through
>> the ticket manager?
> It sounds like perhaps (but it's very hard to tell since the description
> lacks sufficient detail) you are putting credentials into different caches
> when obtained via the command-line and via the MIT Kerberos.exe Ticket
> Manager. The KfW klist.exe with the -A argument should help clarify
> whether this is the case. Only the MSLSA: cache is accessible to the
> Microsoft Kerberos implementation.
>
> The MIT Kerberos.exe Ticket Manager does have a "make default"
> functionality that will set a registry key for future credential
> acquisitions.
>
> -Ben Kaduk
More information about the Kerberos
mailing list