[37325] in Kerberos
Re: Windows
daemon@ATHENA.MIT.EDU (Randolph Morgan)
Wed Nov 18 16:17:51 2015
To: Benjamin Kaduk <kaduk@mit.edu>
From: Randolph Morgan <randym@chem.byu.edu>
Message-ID: <564CEAE4.10501@chem.byu.edu>
Date: Wed, 18 Nov 2015 14:17:24 -0700
In-Reply-To: <alpine.GSO.1.10.1511162132000.26829@multics.mit.edu>
Cc: "'kerberos@mit.edu'" <kerberos@mit.edu>

I found the answer to my question, so I thought I would share it with
others here on the list. To get Windows to acknowledge that a ticket
has been issued through MIT Kerberos KfW 4.0.1 you need to edit a
registry key. The key is located at:
HKEY_CURRENT_USER\SOFTWARE\MIT Kerberos\Settings. Click on Issued and
change the value from 0 to 1. Once I did this, a klist now shows the
ticket issued by KfW 4.0.1.
Randy
Randy Morgan
CSR
Department of Chemistry and Biochemistry
Brigham Young University
801-422-4100
On 11/16/2015 8:01 PM, Benjamin Kaduk wrote:
> On Mon, 16 Nov 2015, Randolph Morgan wrote:
>
>> I have installed MIT Kerberos 4.0.1 on a Windows 10 machine. Everything
>> I have read indicates that the identity manager is not integrated into
>> the new ticket manager. Ticket manager shows that I have received a
> I'm not sure what you mean by these terms. Is "the identity manager" the
> "Network Identity Manager" such as is available from
> https://www.secure-endpoints.com/netidmgr/v2/ ? Is the "new ticket
> manager" the "MIT Kerberos.exe" distributed in the KfW 4.0.1 installer?
>
>> ticket from my krbtgt from my server, but Windows does not show a ticket
>> when I run klist. If I run kinit, Windows receives and the ticket
> There is a klist.exe shipped with Windows by Microsoft, that is unrelated
> to either of the previously mentioned programs. (You can get the KfW
> klist.exe by specifying a full path, e.g.,
> C:\Program Files\MIT\Kerberos\bin\klist.exe)
>
>> manager shows a ticket, but if I go through the ticket manager Windows
>> does not show a valid ticket. Is there some kind of registry setting
>> that I need to modify, or is there something in my krb5.ini file that I
>> should modify so that Windows shows a ticket when it is issued through
>> the ticket manager?
> It sounds like perhaps (but it's very hard to tell since the description
> lacks sufficient detail) you are putting credentials into different caches
> when obtained via the command-line and via the MIT Kerberos.exe Ticket
> Manager. The KfW klist.exe with the -A argument should help clarify
> whether this is the case. Only the MSLSA: cache is accessible to the
> Microsoft Kerberos implementation.
>
> The MIT Kerberos.exe Ticket Manager does have a "make default"
> functionality that will set a registry key for future credential
> acquisitions.
>
> -Ben Kaduk
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
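
The check and registry change discussed in this thread, as an added PowerShell example that is not part of the original messages or of KfW itself. The key path, the value name "Issued", the 0 to 1 change, the -A argument and the KfW klist.exe path are taken from the thread; the assumption that the value already exists and the Microsoft klist.exe location under System32 are assumptions of the example.

```powershell
# Added example, not from the original thread. Key path, value name "Issued",
# the 0 -> 1 change and the KfW klist path come from the messages above.
$key      = 'HKCU:\SOFTWARE\MIT Kerberos\Settings'
$name     = 'Issued'
$kfwKlist = 'C:\Program Files\MIT\Kerberos\bin\klist.exe'
$msKlist  = Join-Path $env:SystemRoot 'System32\klist.exe'   # assumed location

function Show-TicketCaches {
    # KfW "klist -A" lists every credential cache KfW knows about; the
    # Microsoft klist reports only what the Windows LSA (MSLSA:) holds.
    if (Test-Path $kfwKlist) {
        Write-Host '--- KfW klist -A ---'
        & $kfwKlist -A
    } else {
        Write-Warning "KfW klist not found at $kfwKlist"
    }
    Write-Host '--- Microsoft klist ---'
    & $msKlist
}

Show-TicketCaches   # state before the change

$current = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($null -eq $current) {
    # Do not create the value: its type is not stated in the thread.
    Write-Warning "Value '$name' not found under $key; nothing changed."
} elseif ($current.$name -ne 1) {
    Write-Host "Changing $name from $($current.$name) to 1"
    Set-ItemProperty -Path $key -Name $name -Value 1
} else {
    Write-Host "$name is already 1"
}

# Tickets acquired before the change stay in whichever cache they were put in.
Read-Host 'Get a new ticket in the MIT Kerberos Ticket Manager, then press Enter'
Show-TicketCaches   # both listings should now show the ticket
```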