How do I use KfW kinit.exe with respect to the Windows credentials cache?

Jeffrey Altman jaltman at
Wed Jul 29 09:10:27 EDT 2009

Henry B.Hotz wrote:

> I thought there was a registry setting to allow that?

There is a registry key that permits third party Kerberos libraries to
export the TGT from the kernel protected LSA cache.  There is no
registry key that provides the reverse.

Beginning with Vista/2008 there is a new API that permits a ticket to be
forwarded to the LSA from third party applications.  However, the
question indicated the platform is XP and the relevant functionality is
not available there.  Even on platforms that do support this
functionality it cannot be used by KfW because MIT's build of the MSLSA:
support was made with the wrong ntsecapi.h header file version and as a
result the support was disabled.

Jeffrey Altman

More information about the krbdev mailing list