[External] : Re: Windows Credential Guard with MSLSA

Seshan Parameswaran seshan.parameswaran at oracle.com
Fri Jun 24 14:00:14 EDT 2022

If I understood your comments correctly you were asking about how MSLSA used to work without the TGT keys available.  My experience is the other way around.  Even with just the MSLSA configuration without the credential guard,  without the AllowTgtSessionKey setting in the KDC host registry key setting the MSLSA Kerberos configuration would not work.  Please let me know if you have a way around for this as well as the credential guard.  Please keep in mind that this a Linux with MSLSA Library for Linux and not windows

From: Sam Hartman <hartmans at debian.org>
Date: Friday, June 24, 2022 at 10:36 AM
To: Seshan Parameswaran <seshan.parameswaran at oracle.com>, krbdev at mit.edu <krbdev at mit.edu>
Subject: Re: [External] : Re: Windows Credential Guard with MSLSA
>>>>> "Seshan" == Seshan Parameswaran <seshan.parameswaran at oracle.com> writes:

    Seshan> My question is specifically about MSLSA and Credential
    Seshan> Guard.  If you have a Kerberos Configuration with the
    Seshan> credential cache specified as MSLSA in the Kerberos
    Seshan> Configuration and in the KDC host the MSLSA is backed by
    Seshan> Credential Guard where the actual session keys are stored.

I understood that, and my comments were in that context.

More information about the krbdev mailing list