[28152] in Kerberos
Re: SSO Fails on XP SP2
daemon@ATHENA.MIT.EDU (James Turner)
Mon Jul 30 15:42:57 2007
From: "James Turner" <rturner@amalfisystems.com>
To: "Miguel Sanders" <miguelsanders@telenet.be>, kerberos@mit.edu
Message-ID: <W24429606187941185824554@webmail30>
Date: Mon, 30 Jul 2007 19:42:34 +0000
MIME-Version: 1.0
Reply-To: rturner@amalfisystems.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I know some people have been tripped up with compatible cryptographic algorithms when connecting Linux-kerberos to Windows-kerberos. It's not that that MIT doesn't support Windows crypto algorithms. It seems like I remember that you have to modify the default algorithm, but this may not be necessary any more with recent releases...
Randy
-----Original Message-----
From: Miguel Sanders [mailto:miguelsanders@telenet.be]
Sent: Monday, July 30, 2007 12:26 PM
To: kerberos@mit.edu
Subject: Re: SSO Fails on XP SP2
Markus, I already tried editing that setting but no luck either...
Everytime I think I am done with this setup, there is a new issue...
However, the SSO from the Linux clients to the UNIX KDCs worked
instantly!
On 30 jul, 20:52, "Markus Moeller" <hua...@moeller.plus.com> wrote:
> You might need this:
>
> "This new feature has been seen in Windows 2003 Server, Windows 2000 Server
> SP4, and Windows XP SP2. We assume that it will be implemented in all
> future Microsoft operating systems supporting the Kerberos SSPI. Microsoft
> does work closely with MIT and has provided a registry key to disable this
> new feature.
>
> HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
> AllowTGTSessionKey = 0x01 (DWORD)On Windows XP SP2 the key is specified as
>
> HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos AllowTGTSessionKey =
> 0x01 (DWORD)"as described herehttp://web.mit.edu/kerberos/kfw-2.6/kfw-2.6.5/relnotes.html#mslsa
>
> Regards
> Markus
>
> "Miguel Sanders" <miguelsand...@telenet.be> wrote in message
>
> news:1185818694.532130.67160@g4g2000hsf.googlegroups.com...
>
>
>
> > Dear all
>
> > I don't know whether or not I should post this here or in
> > microsoft.xp.client but I will do both.
> > After successfully implementing a cross realm trust between AD and a
> > UNIX realm, it seems that the clients that user SP1 can successfully
> > have SSO to the UNIX machine whereas the SP2 people can't. Can anyone
> > help me out, since I am not a Windows expert :-)
> > The tool I use for SSO on the Windows clients is Vintella Putty 0.60
> > q1.129.
>
> > Kind regards
>
> > Miguel
>
> > ________________________________________________
> > Kerberos mailing list Kerbe...@mit.edu
> >https://mailman.mit.edu/mailman/listinfo/kerberos- Tekst uit oorspronkelijk bericht niet weergeven -
>
> - Tekst uit oorspronkelijk bericht weergeven -
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos