[38990] in Kerberos
Re: kfw-4.1: ms2mit in virtual setups?
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sat Sep 18 00:53:22 2021
To: John Devitofranceschi <foonon@gmail.com>, <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <bf71db84-c71c-c1d9-ddbe-dc6f2b172dce@mit.edu>
Date: Sat, 18 Sep 2021 00:50:33 -0400
MIME-Version: 1.0
In-Reply-To: <66D74D06-DA25-4B49-9CB5-2A74ED7A412C@gmail.com>
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 9/17/21 5:14 PM, John Devitofranceschi wrote:
> I can see that “AllowTGTSessionKey” is set to ‘1’ in the virtual registry. Is that not sufficient? Any way around this?
The current documentation of AllowTgtSessionKey says: "With active
Credential Guard in Windows 10 and later versions of Windows, you cannot
enable sharing the TGT session keys with applications anymore." That's
from:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/kerberos-protocol-registry-kdc-configuration-keys
There's more on Credential Guard at:
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
