[External] : Re: Windows Credential Guard with MSLSA

Seshan Parameswaran seshan.parameswaran at oracle.com
Wed Sep 6 12:17:38 EDT 2023

I am running on Oracle Enterprise Linux and using MIT libraries.  I am aware of the AllowTgtSessionKey Registry setting parameter that works when MSLSA is used without the Credential Guard.  My query is specific to MSLSA used with Windows Credential Guard.

From: Sam Hartman <hartmans at debian.org>
Date: Wednesday, September 6, 2023 at 6:29 AM
To: Seshan Parameswaran <seshan.parameswaran at oracle.com>, krbdev at mit.edu <krbdev at mit.edu>
Subject: Re: [External] : Re: Windows Credential Guard with MSLSA
>>>>> "Seshan" == Seshan Parameswaran <seshan.parameswaran at oracle.com> writes:

    Seshan> Hi Sam I am trying to revisit the question I asked a year
    Seshan> ago.  Could you please specify if the comments you mentioned
    Seshan> below are specific to Windows Native or is applicable to
    Seshan> both Windows as well as Linux?

Linux doesn't have an MSLSA cache.
If you're running on some version of WSL, then it kind of depends on
your Kerberos implementation.
I do not think that as shipped a Linux build of the MIT sources can
access an MSLSA cache under WSL.

More information about the krbdev mailing list