Vista / UAC
Jeffrey Altman
jaltman at secure-endpoints.com
Wed Feb 28 21:28:35 EST 2007
Tim Alsop wrote:
> Hello,
>
> I am intersted in how far you have got with developing support for MS
> WIndows cache on Vista. We find our code works well, but only if UAC is
> turned off. This is because when UAC is enabled the session key in a
> service ticket is returned as all zero's instead of a valid session key.
> The result is that a server application that is accepting a security
> context fails to accept the context using the key from a key table file
> on server. I plan to raise a support call with MS, but wanted to check
> first if you had already talked to MS and found a solution to this
> problem ?
>
> Regards,
> Tim
Tim:
This is working as designed.
When the user is a normal user and the AllowTGTSessionKey value is
non-zero, the session key may be extracted.
When the user is an administrator and UAC is active, the session key can
only be extracted if the AllowTGTSessionKey value is non-zero and the
process is running with elevated privileges.
Jeffrey Altman
Secure Endpoints Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20070228/fa6a383e/attachment.bin
More information about the krbdev
mailing list