KfW 2.6 vs Windows 2003 Server: question to the community
hartmans at MIT.EDU
Thu Jan 22 00:55:46 EST 2004
>>>>> "Jeffrey" == Jeffrey Altman <jaltman at columbia.edu> writes:
Jeffrey> You are therefore suggesting that if the session key type
Jeffrey> is NULL, then the MSLSA ccache should behave as if the
Jeffrey> ticket did not exist.
Hmm, that would break klist. OTOH, that might be the best we can do.
>> Leash should not generate an error for automatic ticket
Jeffrey> Certainly not for automatic imports, but what about when
Jeffrey> the user manually imports tickets?
Jeffrey> I believe that if the session keys for TGTs cannot be
Jeffrey> obtained that the "import" function should be disabled
Jeffrey> just as it is if the current Windows logon session is not
Jeffrey> authenticated with Kerberos.
Jeffrey> Do you concur?
More information about the krbdev