KfW 2.6 vs Windows 2003 Server: question to the community
Douglas E. Engert
deengert at anl.gov
Mon Jan 19 17:39:27 EST 2004
Jeffrey Altman wrote:
> In the process of testing KfW 2.6 Beta 2 on Windows 2003, it has been
> noticed that
> due to a change in the MS LSA behavior, when reading a TGT from the LSA to
> insert into the MIT ccache (ms2mit.exe) that the session key is no
> longer provided.
> This makes the TGT useless for applications which are expecting to use
> the TGT to
> obtain additional tickets.
> There is a new registry key which can be set which will restore the
> behavior used in
> Windows 2000 and XP.
> AllowTGTSessionKey = 0x1 (DWORD)
> The question is: Should the Kerberos for Windows installer set this
> as part of the installation procedure on Windows 20003?
I would say yes, or you could make it an option to change it. If one is
installing KfW, I would expect that one would in almost all cases want
to use the TGT from login if available.
> If it is not set, should ms2mit.exe and Leash generate an error instead of
> performing the ticket importation?
If there is an error message it should say this can be changed in the registry.
> Jeffrey Altman
> KfW Maintainer
> krbdev mailing list krbdev at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev