KfW 2.6 vs Windows 2003 Server: question to the community

Jeffrey Altman jaltman at columbia.edu
Tue Jan 20 10:23:12 EST 2004

I do not believe that setting the default ccache to MSLSA: is an option
for 99% of KfW users.   MSLSA: is only an option when the current
logon session is Kerberos authenticated.  MSLSA: is read-only.  Therefore,
if you set the default to MSLSA: then Leash (or other kinit tools) cannot
obtain credentials and store them in the ccache.

I have at least checked XP SP2 and it does not alter the behavior of
the Kerberos LSA with regards to obtaining session keys.

Jeffrey Altman

Paul B. Hill wrote:

>>The question is:  Should the Kerberos for Windows installer set this 
>>parameter as part of the installation procedure on Windows 20003?
>>if you set the ccache to "MSLSA:" then you do not need to perform an
>>importation in order to use the logon credentials.
>It sounds like there are two questions:
>1) What should the default ccache type be?
>2) If the default ccache is not MSLSA, should the registry on Win2k3 be
>modified so that ms2mit and Leash can import the TGT and its session key?

More information about the krbdev mailing list