Windows LSA under a non-Windows domain

Santiago Rivas sanribu at
Mon Oct 26 07:01:53 EDT 2009

Hi everyone,

I'm setting up Kerberos to work on Windows XP machines managed by a Samba as

Thanks to your support, I know how to configure the credentials file cache
on Windows platform. Next step is learn how to use Local Security Authority
(LSA) in order to obtain TGT automatically from user logon.

I've read several documents on the web (
and I get an idea, but still have some questions to ask:

- Is it required to be under an Active Directory Windows Domain for LSA to
gather the credentials? I ask it because most of the articles that I've read
about LSA asume to be on that scenario, nevertheless I'm using openldap and
Samba (as I mentioned before).

- If it's possible to use LSA under a non-Windows domain, is there any extra
configuration needed? (besides the *allowtgtsessionkey* registry change)

Thanks in advance!

More information about the krbdev mailing list