[28149] in Kerberos
Re: SSO Fails on XP SP2
daemon@ATHENA.MIT.EDU (Markus Moeller)
Mon Jul 30 14:53:46 2007
To: kerberos@mit.edu
From: "Markus Moeller" <huaraz@moeller.plus.com>
Date: Mon, 30 Jul 2007 19:52:11 +0100
Message-ID: <f8lc2e$8g1$1@sea.gmane.org>
X-Complaints-To: usenet@sea.gmane.org
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
You might need this:
"This new feature has been seen in Windows 2003 Server, Windows 2000 Server
SP4, and Windows XP SP2. We assume that it will be implemented in all
future Microsoft operating systems supporting the Kerberos SSPI. Microsoft
does work closely with MIT and has provided a registry key to disable this
new feature.
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
AllowTGTSessionKey = 0x01 (DWORD)On Windows XP SP2 the key is specified as
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos AllowTGTSessionKey =
0x01 (DWORD)"as described here
http://web.mit.edu/kerberos/kfw-2.6/kfw-2.6.5/relnotes.html#mslsa
Regards
Markus
"Miguel Sanders" <miguelsanders@telenet.be> wrote in message
news:1185818694.532130.67160@g4g2000hsf.googlegroups.com...
> Dear all
>
> I don't know whether or not I should post this here or in
> microsoft.xp.client but I will do both.
> After successfully implementing a cross realm trust between AD and a
> UNIX realm, it seems that the clients that user SP1 can successfully
> have SSO to the UNIX machine whereas the SP2 people can't. Can anyone
> help me out, since I am not a Windows expert :-)
> The tool I use for SSO on the Windows clients is Vintella Putty 0.60
> q1.129.
>
>
> Kind regards
>
>
> Miguel
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos