[28159] in Kerberos

home help back first fref pref prev next nref lref last post

Re: SSO Fails on XP SP2

daemon@ATHENA.MIT.EDU (Miguel Sanders)
Tue Jul 31 01:15:10 2007

From: Miguel Sanders <miguelsanders@telenet.be>
Date: Mon, 30 Jul 2007 22:00:11 -0700
Message-ID: <1185858011.253554.141040@b79g2000hse.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
In-Reply-To: <mailman.57.1185825284.4012.kerberos@mit.edu>
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

I see that I receive the cross realm ticket.
However I don't receive any service ticket!

On 30 jul, 21:53, "Markus Moeller" <hua...@moeller.plus.com> wrote:
> Can you use kerbtray to see if you get the service principal ?
>
> Markus
>
> "Miguel Sanders" <miguelsand...@telenet.be> wrote in message
>
> news:1185823586.577161.78640@l70g2000hse.googlegroups.com...
>
>
>
> > Markus, I already tried editing that setting but no luck either...
> > Everytime I think I am done with this setup, there is a new issue...
> > However, the SSO from the Linux clients to the UNIX KDCs worked
> > instantly!
>
> > On 30 jul, 20:52, "Markus Moeller" <hua...@moeller.plus.com> wrote:
> >> You might need this:
>
> >> "This new feature has been seen in Windows 2003 Server, Windows 2000
> >> Server
> >> SP4, and Windows XP SP2.  We assume that it will be implemented in all
> >> future Microsoft operating systems supporting the Kerberos SSPI.
> >> Microsoft
> >> does work closely with MIT and has provided a registry key to disable
> >> this
> >> new feature.
>
> >>   HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
> >> AllowTGTSessionKey = 0x01 (DWORD)On Windows XP SP2 the key is specified
> >> as
>
> >>   HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
> >> AllowTGTSessionKey =
> >> 0x01 (DWORD)"as described
> >> herehttp://web.mit.edu/kerberos/kfw-2.6/kfw-2.6.5/relnotes.html#mslsa
>
> >> Regards
> >> Markus
>
> >> "Miguel Sanders" <miguelsand...@telenet.be> wrote in message
>
> >>news:1185818694.532130.67160@g4g2000hsf.googlegroups.com...
>
> >> > Dear all
>
> >> > I don't know whether or not I should post this here or in
> >> > microsoft.xp.client but I will do both.
> >> > After successfully implementing a cross realm trust between AD and a
> >> > UNIX realm, it seems that the clients that user SP1 can successfully
> >> > have SSO to the UNIX machine whereas the SP2 people can't. Can anyone
> >> > help me out, since I am not a Windows expert :-)
> >> > The tool I use for SSO on the Windows clients is Vintella Putty 0.60
> >> > q1.129.
>
> >> > Kind regards
>
> >> > Miguel
>
> >> > ________________________________________________
> >> > Kerberos mailing list           Kerbe...@mit.edu
> >> >https://mailman.mit.edu/mailman/listinfo/kerberos-Tekst uit
> >> >oorspronkelijk bericht niet weergeven -
>
> >> - Tekst uit oorspronkelijk bericht weergeven -
>
> > ________________________________________________
> > Kerberos mailing list           Kerbe...@mit.edu
> >https://mailman.mit.edu/mailman/listinfo/kerberos- Tekst uit oorspronkelijk bericht niet weergeven -
>
> - Tekst uit oorspronkelijk bericht weergeven -


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post