KfW 2.6 vs Windows 2003 Server: question to the community
jaltman at columbia.edu
Mon Jan 19 16:45:59 EST 2004
In the process of testing KfW 2.6 Beta 2 on Windows 2003, it has been
due to a change in the MS LSA behavior, when reading a TGT from the LSA to
insert into the MIT ccache (ms2mit.exe) that the session key is no
This makes the TGT useless for applications which are expecting to use
the TGT to
obtain additional tickets.
There is a new registry key which can be set which will restore the
behavior used in
Windows 2000 and XP.
AllowTGTSessionKey = 0x1 (DWORD)
The question is: Should the Kerberos for Windows installer set this
as part of the installation procedure on Windows 20003?
If it is not set, should ms2mit.exe and Leash generate an error instead of
performing the ticket importation?
More information about the krbdev