How does MIT Kerberos SDK works with MSLSA:
deepakk87 at gmail.com
Mon Jan 28 23:17:14 EST 2013
I have been working on developing Client and a Service application for
Windows as a prototype. These prototypes should do kerberos based mutual
authentication where client should authenticate using the logged on
credentials of the logged in windows user.
I am using Kerberos for Windows 4.
Now if i do klist MSLSA: on command prompt, I get a list of service ticket
but I don't see any krbtgt (TGT).
But the client application still works as long as there is any service
ticket available(visible in klist).
After a while service tickets expires and klist start returning empty list.
At this time the client aplication start to fail saying credential cache
If I keep waiting for some time some other service ticket will
automatically get generated and application will start working again.
I know by setting enabletgtseesionkey registry entry to true. will allow
us to see TGT using klist. but we don't want to change any registry
I want to know how the client application is working without TGT. and why
service ticket dissappear after expiry time .Is there any way to get them
More information about the krbdev