How does MIT Kerberos SDK works with MSLSA:

deepak kumar deepakk87 at
Mon Jan 28 23:17:14 EST 2013

Hi All,

I have been working on  developing  Client and a  Service application for
Windows as a prototype. These prototypes should do kerberos based mutual
authentication where client should authenticate using the logged on
credentials of the logged in windows user.
I am using Kerberos for Windows 4.

Now if i do klist MSLSA: on command prompt, I get a list of service ticket

but I don't see any krbtgt (TGT).
But the client application still works as long as there is any service
ticket available(visible in klist).
After a while service tickets expires and klist start returning empty list.
At this time the client aplication start to fail saying  credential cache
is empty..

If I keep waiting for some time some other service ticket will
automatically get generated and application will start working again.

I know by setting  enabletgtseesionkey registry entry to true. will allow
us to see TGT using klist. but we don't want to change any registry

I want to know how the client application is working without TGT. and why
service ticket dissappear after expiry time .Is there any way to get them
renewed  automatically.


More information about the krbdev mailing list