[External] : Re: Windows Credential Guard with MSLSA

Seshan Parameswaran seshan.parameswaran at oracle.com
Fri Jun 24 12:26:33 EDT 2022

My question is specifically about MSLSA and Credential Guard.  If you have a Kerberos Configuration with the credential cache specified as MSLSA in the Kerberos Configuration and in the KDC host the MSLSA is backed by Credential Guard where the actual session keys are stored.  That is the specific configuration I am mentioning about.

From: Sam Hartman <hartmans at debian.org>
Date: Friday, June 24, 2022 at 7:55 AM
To: Seshan Parameswaran <seshan.parameswaran at oracle.com>, krbdev at mit.edu <krbdev at mit.edu>
Subject: [External] : Re: Windows Credential Guard with MSLSA

It used to be the case that the MSLSA cache would work reasonably well
without TGT keys available.
Namely, if you retrieved a ticket the cache would ask the LSA to get the
ticket for you,.
Does this no longer work?
If this does work, does it meet your needs?
If not, what functionality are you missing?

More information about the krbdev mailing list