KfW 2.6 vs Windows 2003 Server: question to the community
Jeffrey Altman
jaltman at columbia.edu
Tue Jan 20 10:23:12 EST 2004
I do not believe that setting the default ccache to MSLSA: is an option
for 99% of KfW users. MSLSA: is only an option when the current
logon session is Kerberos authenticated. MSLSA: is read-only. Therefore,
if you set the default to MSLSA: then Leash (or other kinit tools) cannot
obtain credentials and store them in the ccache.
I have at least checked XP SP2 and it does not alter the behavior of
the Kerberos LSA with regards to obtaining session keys.
Jeffrey Altman
Paul B. Hill wrote:
>>The question is: Should the Kerberos for Windows installer set this
>>parameter as part of the installation procedure on Windows 20003?
>>
>...
>
>>if you set the ccache to "MSLSA:" then you do not need to perform an
>>importation in order to use the logon credentials.
>>
>
>It sounds like there are two questions:
>
>1) What should the default ccache type be?
>2) If the default ccache is not MSLSA, should the registry on Win2k3 be
>modified so that ms2mit and Leash can import the TGT and its session key?
>
>
More information about the krbdev
mailing list