[External] : Re: Windows Credential Guard with MSLSA

Seshan Parameswaran seshan.parameswaran at oracle.com
Wed Sep 6 03:46:44 EDT 2023


Hi Sam,
I am trying to revisit the question I asked a year ago. Could you please specify whether the comments you mentioned below are specific to Windows Native or are applicable to both Windows and Linux?

Thanks

Seshan

From: Seshan Parameswaran <seshan.parameswaran at oracle.com>
Date: Friday, June 24, 2022 at 9:26 AM
To: Sam Hartman <hartmans at debian.org>, krbdev at mit.edu <krbdev at mit.edu>
Subject: Re: [External] : Re: Windows Credential Guard with MSLSA

My question is specifically about MSLSA and Credential Guard. If you have a Kerberos Configuration with the credential cache specified as MSLSA in the Kerberos Configuration and in the KDC host the MSLSA is backed by Credential Guard where the actual session keys are stored. That is the specific configuration I am referring to.

From: Sam Hartman <hartmans at debian.org>
Date: Friday, June 24, 2022 at 7:55 AM
To: Seshan Parameswaran <seshan.parameswaran at oracle.com>, krbdev at mit.edu <krbdev at mit.edu>
Subject: [External] : Re: Windows Credential Guard with MSLSA

It used to be the case that the MSLSA cache would work reasonably well
without TGT keys available.
Namely, if you retrieved a ticket the cache would ask the LSA to get the
ticket for you.
Does this no longer work?
If this does work, does it meet your needs?
If not, what functionality are you missing?

