KfW 2.6 vs Windows 2003 Server: question to the community
jaltman at columbia.edu
Mon Jan 19 17:54:04 EST 2004
I would agree except that if you set the ccache to "MSLSA:" then you
do not need to perform an importation in order to use the logon
Douglas E. Engert wrote:
>Jeffrey Altman wrote:
>>In the process of testing KfW 2.6 Beta 2 on Windows 2003, it has been
>>due to a change in the MS LSA behavior, when reading a TGT from the LSA to
>>insert into the MIT ccache (ms2mit.exe) that the session key is no
>>This makes the TGT useless for applications which are expecting to use
>>the TGT to obtain additional tickets.
>>There is a new registry key which can be set which will restore the
>>behavior used in Windows 2000 and XP.
>> AllowTGTSessionKey = 0x1 (DWORD)
>>The question is: Should the Kerberos for Windows installer set this
>>as part of the installation procedure on Windows 2003?
>I would say yes, or you could make it an option to change it. If one is
>installing KfW, I would expect that one would in almost all cases want
>to use the TGT from login if available.
>>If it is not set, should ms2mit.exe and Leash generate an error instead of
>>performing the ticket importation?
>If there is an error message it should say this can be changed in the registry.
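
The check discussed in this thread, as an added example that is not part of the original messages and is not KfW code: a PowerShell function that reads AllowTGTSessionKey and produces a message pointing to the registry when it is not set. The key path is an assumption (the messages do not give it; the one used is the location Microsoft documents for Windows Server 2003), and the function name and message wording are hypothetical.

```powershell
# Added example: report whether the LSA is configured to hand out TGT
# session keys, which decides whether an imported TGT is usable.
# Assumption: key path as documented by Microsoft for Windows Server 2003;
# the thread names only the value (AllowTGTSessionKey, DWORD 0x1).
$KerberosParams = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'

function Get-TgtSessionKeyPolicy {
    param([string]$KeyPath = $KerberosParams)

    # Read the value if the key and the value both exist; otherwise $null.
    $value = $null
    if (Test-Path -LiteralPath $KeyPath) {
        $prop = Get-ItemProperty -LiteralPath $KeyPath `
                    -Name 'AllowTGTSessionKey' -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $value = $prop.AllowTGTSessionKey }
    }

    # Only an explicit 1 restores the Windows 2000/XP behavior.
    $allowed = ($value -eq 1)
    $shown   = if ($null -eq $value) { '(not set)' } else { '0x{0:X}' -f $value }

    $message = if ($allowed) {
        'AllowTGTSessionKey is 0x1: a TGT read from the LSA includes its ' +
        'session key and can be used to obtain additional tickets.'
    } else {
        "AllowTGTSessionKey is $shown" + ': a TGT read from the LSA cannot ' +
        'be used to obtain additional tickets. This can be changed in the ' +
        "registry (AllowTGTSessionKey = 0x1, DWORD, under $KeyPath)."
    }

    [pscustomobject]@{
        KeyPath            = $KeyPath
        Value              = $shown
        SessionKeyExported = $allowed
        Message            = $message
    }
}

# Report the current setting; an import tool or audit script could stop
# here instead of importing a TGT it cannot use.
$policy = Get-TgtSessionKeyPolicy
if (-not $policy.SessionKeyExported) { Write-Warning $policy.Message }
$policy | Format-List
```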