How does MIT Kerberos SDK work with MSLSA:

deepak kumar deepakk87 at gmail.com
Mon Jan 28 23:17:14 EST 2013


Hi All,

I have been working on developing a client and a service application for
Windows as a prototype. These prototypes should do Kerberos-based mutual
authentication, where the client should authenticate using the logged-on
credentials of the logged-in Windows user.
I am using Kerberos for Windows 4.

Now if I do klist MSLSA: on the command prompt, I get a list of service
tickets like
HOST/........
LDAP/.......
cifs/.......

but I don't see any krbtgt (TGT).
But the client application still works as long as there is any service
ticket available (visible in klist).
After a while the service tickets expire and klist starts returning an empty
list. At this time the client application starts to fail, saying the
credential cache is empty.

If I keep waiting for some time, some other service ticket will
automatically get generated and the application will start working again.

I know that setting the enabletgtseesionkey registry entry to true will allow
us to see the TGT using klist, but we don't want to change any registry
settings.

I want to know how the client application is working without a TGT, and why
service tickets disappear after their expiry time. Is there any way to get
them renewed automatically?


Thanks
Deepak


More information about the krbdev mailing list