MIT Krb5 does not work on WinXP SP2 was Re: KfW 2.6 vs Windows 2003 Server: question to the community

Jeffrey Altman jaltman at
Tue Jan 20 17:23:07 EST 2004

I can verify the behavior.  Windows will not output the session key 
without or without the registry key set.
the reason that krb5_get_credentials() fails is because the session key 
is NULL and the client cannot access
the data necessary to request a service ticket from the KDC.

What your krb524 code will need to do in this case is use KfW 2.6 and 
set the ccache to "MSLSA:".  Then
the ticket request will be performed by the Kerberos LSA and not by the 
MIT libraries.

- Jeffrey Altman

diskin wrote:

> --On Tuesday, January 20, 2004 3:23 PM -0500 Jeffrey Altman 
> <jaltman at> wrote:
>> Let me go test this again.  However, when I tested KfW last week I did
>> not see any negative side effects when obtaining credentials.  Are you
>> obtaining credentials from a Windows A.D. or from a non-MS KDC?
> The error occurs when we log into the "Kerberos Realm", not AD.  We're 
> running non-MS KDCs, our normal Heimdal-based KDCs.
>> I would be interested in seeing what your 524 code is doing.
> I copied the function which does this at the end of this message: 
> GetV4Creds.  The failure occurs at the point I marked "***".  I guess 
> I need to trace further into the library to see exactly where things 
> fail.
> Thanks for looking at this.
> Gregg

More information about the krbdev mailing list