Windows Credential Guard with MSLSA

Seshan Parameswaran seshan.parameswaran at oracle.com
Thu Jun 23 19:40:59 EDT 2022


Hello
I am trying to use Windows Credential Guard with MSLSA.

Without the Windows Credential Guard, the Kerberos Authentication works fine by setting the AllowTgtSessionKey.  This link https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/kerberos-protocol-registry-kdc-configuration-keys says that with active Credential Guard in Windows 10 you cannot enable sharing the TGT session keys with applications anymore.

I am trying to understand if there is a workaround to share TGT Session Keys with applications when Windows Credential Guard is used with MSLSA.

I read through several links found online, and per my understanding the TGT Session Keys are encrypted and stored within Credential Guard, and Credential Guard manages the storage and retrieval of the TGT Session Keys. I am looking for some kind of API call, and its related documentation if you have it, that could be invoked from the MIT library for Linux to be able to retrieve the TGT Session Keys when they are stored with Windows Credential Guard.

Please let me know.

Seshan


