[33328] in Kerberos
Re: Klist issues with Windows 7
daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Tue Apr 12 13:24:04 2011
X-Envelope-From: jaltman@secure-endpoints.com
X-MDaemon-Deliver-To: kerberos@mit.edu
Message-ID: <4DA48A9B.2050003@secure-endpoints.com>
Date: Tue, 12 Apr 2011 13:23:39 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <BANLkTi=xTDQYmMHLdpehU7VxUu0wTquL=g@mail.gmail.com>
Reply-To: jaltman@secure-endpoints.com
Content-Type: multipart/mixed; boundary="===============1712327401=="
Errors-To: kerberos-bounces@mit.edu
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============1712327401==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="------------enig07DFD2B5469A7590B0AB9961"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig07DFD2B5469A7590B0AB9961
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 4/12/2011 12:21 PM, Robert Schr=C3=B6der wrote:
> The console just returns something like this:
>=20
> *Current LogonId is 0:0x1a38a
> Cached Tickets: (0)*
>=20
> If I try klist with the tgt value, I'm getting the following failure:
>=20
> *Error calling API LsaCallAuthenticationPackage (Ticket Granting Ticket=
> substatus): 1312
> *
> *klist failed with 0x8009030e/-2146893042: No credentials are available=
in
> the security package*
>=20
> But if I start the cmd-console with administrator privileges, everythin=
g
> works fine.
You cannot access the LSA ticket store under User Account Control (UAC)
restricted processes. If you were able to read the TGT, you could
bypass the process restrictions without the user being prompted.
UAC applies to any account that is not the Local Administrator account
that is added to the Administrators Group.
Jeffrey Altman
--------------enig07DFD2B5469A7590B0AB9961
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iQEcBAEBAgAGBQJNpIqbAAoJENxm1CNJffh4d54H/20wNvoDMEtosVNDpgx0wYsW
tFrsAKNy1vDm/xTB2zHuF6Bg68lGtU9+Axqj1NHjucWk2slmeRb+Nr3p5K3pldDQ
JFD8TrYCa4HWKwicim2r9xoRixv5Tx3ij6Cyp+Bnu2EN8SOEPzp2Ve+cSF2d94k0
Z1EIV56EzVWzcw8SWh9vegcyetrB5h6iHgFna6sQmQydT2Y5jDZXT8KQc5Ijd8nL
mDJWimi0EeZ1bttjT8P+7GlPVaUfY6tKPeS8RAn4wXxr+HSTyLbG7VukpWG2L7/l
qBw4iq8Kd9tiXjVEstu/yq5SGWlm4l8t87Tw32x3KPvbqbZP9IS6V0aZv92/cyY=
=+HgN
-----END PGP SIGNATURE-----
--------------enig07DFD2B5469A7590B0AB9961--
--===============1712327401==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1712327401==--
