[External] : Re: Windows Credential Guard with MSLSA
seshan.parameswaran at oracle.com
Fri Jun 24 14:00:14 EDT 2022
If I understood your comments correctly you were asking about how MSLSA used to work without the TGT keys available. My experience is the other way around. Even with just the MSLSA configuration without the credential guard, without the AllowTgtSessionKey setting in the KDC host registry key setting the MSLSA Kerberos configuration would not work. Please let me know if you have a way around for this as well as the credential guard. Please keep in mind that this a Linux with MSLSA Library for Linux and not windows
From: Sam Hartman <hartmans at debian.org>
Date: Friday, June 24, 2022 at 10:36 AM
To: Seshan Parameswaran <seshan.parameswaran at oracle.com>, krbdev at mit.edu <krbdev at mit.edu>
Subject: Re: [External] : Re: Windows Credential Guard with MSLSA
>>>>> "Seshan" == Seshan Parameswaran <seshan.parameswaran at oracle.com> writes:
Seshan> My question is specifically about MSLSA and Credential
Seshan> Guard. If you have a Kerberos Configuration with the
Seshan> credential cache specified as MSLSA in the Kerberos
Seshan> Configuration and in the KDC host the MSLSA is backed by
Seshan> Credential Guard where the actual session keys are stored.
I understood that, and my comments were in that context.
More information about the krbdev