KFW vs Microsoft Windows XP SP2

Jeffrey Altman jaltman at columbia.edu
Mon Aug 9 17:31:12 EDT 2004

As a reminder for all users of MIT Kerberos for Windows who import
tickets from the Microsoft Windows Logon Session Cache.  Windows XP SP2
locks down the machine to prevent the exporting of Kerberos TGT session
keys unless you instruct Windows to do otherwise.

MIT KFW 2.6.4 will automatically set the appropriate key.  It is 
recommended that KFW 2.6.4 be used on Windows XP SP2.  However,
if you must use an earlier version you will have to set the following
value in the registry:


     AllowTGTSessionKey = 0x01 (DWORD)

More information about the krbdev mailing list