[38360] in Kerberos


MIT Kerberos client and default cache

daemon@ATHENA.MIT.EDU (Pierre Dehaen)
Tue Oct 16 03:41:09 2018

From: "Pierre Dehaen" <dehaenp@drever.be>
To: kerberos@mit.edu
Date: Tue, 16 Oct 2018 09:40:42 +0200
Message-ID: <5BC595FA.5847.235896B8@dehaenp.drever.be>

Hello list,

Configuration:
- Windows are clients of an AD
- Kfw 4.1 is used to acquire tickets from another realm
- Clients use tickets through Firefox to access apache applications
- All working well

In the Kfw GUI, next to the TGT of the additional realm, we see the TGT of the AD. The 
former shows API: as credential cache, while the latter shows MSLSA:, all good.

According to <https://mailman.mit.edu/pipermail/kerberos/2015-April/020637.html>: Once 
you have a ticket, the "make default" button will set the registry entry for you. 

That is the problem: once a user has clicked "Make default" while the AD ticket was by 
chance selected, only one TGT can be acquired at a time, each Get Ticket overwrites all 
existing tickets.

Okay, I can fix this in the registry... but users can't, that's too difficult/risky, and I don't find a 
way to revert to the default credential cache from the GUI. Even the "Make default" trick does 
not work anymore as all tickets are MSLSA tickets.

Any advice?

TIA,
Pierre Dehaen


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
