Vista / UAC

Todd Stecher todd.stecher at
Wed Feb 28 18:04:11 EST 2007

On Feb 28, 2007, at 10:09 AM, Tim Alsop wrote:

> Hello,
> I am intersted in how far you have got with developing support for MS
> WIndows cache on Vista. We find our code works well, but only if  
> UAC is
> turned off. This is because when UAC is enabled the session key in a
> service ticket is returned as all zero's instead of a valid session  
> key.
> The result is that a server application that is accepting a security
> context fails to accept the context using the key from a key table  
> file
> on server. I plan to raise a support call with MS, but wanted to check
> first if you had already talked to MS and found a solution to this
> problem ?

I'm pretty sure this is in XPSP2 as well - this is controllable via  
the registry (can't recall the value off the top of my head, but it  
may be on

This support was added to keep rogue applications from stealing the  
session key outside of the context of the LSA.  I left MS too early  
to know if UAC affects this registry key and the  
LsaApCallAuthenticationPackage() level, but I doubt it does - it is  
likely only gated by the "mystery" registry key noted above.    I'll  
see if I can dig up the details - I'm pretty certain Jeff Altman  
knows the value as KFW likely sets it.


Todd Stecher | Windows Interop Dev
Isilon Systems    P +1-206-315-7500     F  +1-206-315-7501    D +1-206-315-7638    M +1-425-205-1180

More information about the krbdev mailing list