Vista / UAC
Jeffrey Altman
jaltman at secure-endpoints.com
Thu Mar 1 10:01:50 EST 2007
Tim:
I don't know what problem you are having but session keys can be read
just fine by non-Administrator accounts.
I log into Vista with my non-Administrator account from my 2003 domain.
I set the default ccache to MSLSA: and then startup a copy of Kermit 95
which I use to SSH gssapi-keyex into a host via a cross-realm
authentication.
[C:\kermit]set KRB5CCNAME=MSLSA:
[C:\kermit]k95g
[C:\kermit]klist
Ticket cache: MSLSA:
Default principal: userone at WINDOWS.SECURE-ENDPOINTS.COM
Valid starting Expires Service principal
03/01/07 09:59:37 03/01/07 16:50:49
krbtgt/SECURE-ENDPOINTS.COM at WINDOWS.SECURE-ENDPOINTS.COM
renew until 03/07/07 21:05:49
03/01/07 06:50:49 03/01/07 16:50:49
krbtgt/WINDOWS.SECURE-ENDPOINTS.COM at WINDOWS.SECURE-ENDPOINTS.COM
renew until 03/07/07 21:05:49
03/01/07 09:55:18 03/01/07 16:50:49
host/redhat71.secure-endpoints.com at SECURE-ENDPOINTS.COM
renew until 03/07/07 21:05:49
There is no UAC involved in this interaction.
UAC is only involved when the account is a member of the Administrators
group.
Jeffrey Altman
Secure Endpoints Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20070301/3a85ad2f/attachment.bin
More information about the krbdev
mailing list