KfW 2.6 vs Windows 2003 Server: question to the community

Sam Hartman hartmans at MIT.EDU
Thu Jan 22 00:55:46 EST 2004

>>>>> "Jeffrey" == Jeffrey Altman <jaltman at columbia.edu> writes:

    Jeffrey> You are therefore suggesting that if the session key type
    Jeffrey> is NULL, then the MSLSA ccache should behave as if the
    Jeffrey> ticket did not exist.
Hmm, that would break klist.  OTOH, that might be the best we can do.

    >> Leash should not generate an error for automatic ticket
    >> imports.
    Jeffrey> Certainly not for automatic imports, but what about when
    Jeffrey> the user manually imports tickets?

    Jeffrey> I believe that if the session keys for TGTs cannot be
    Jeffrey> obtained that the "import" function should be disabled
    Jeffrey> just as it is if the current Windows logon session is not
    Jeffrey> authenticated with Kerberos.

    Jeffrey> Do you concur?


More information about the krbdev mailing list