[38992] in Kerberos
Re: kfw-4.1: ms2mit in virtual setups?
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Wed Sep 22 13:43:49 2021
From: John Devitofranceschi <foonon@gmail.com>
MIME-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Date: Wed, 22 Sep 2021 13:40:42 -0400
To: kerberos@mit.edu
In-Reply-To: <8C50D02C-491E-4845-9A02-CA9BE3F7A367@gmail.com>
Message-ID: <9E5B1B14-E7B3-4731-AC48-46B3FADFAF52@gmail.com>
Content-Type: multipart/mixed; boundary="===============6171999113074229461=="
Errors-To: kerberos-bounces@mit.edu
--===============6171999113074229461==
Content-Type: multipart/signed;
boundary="Apple-Mail=_B10F5965-5F0E-4EA6-BB2D-792723E7D1DF";
protocol="application/pkcs7-signature"; micalg=sha-256
--Apple-Mail=_B10F5965-5F0E-4EA6-BB2D-792723E7D1DF
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
> On Sep 18, 2021, at 8:21 AM, John Devitofranceschi <foonon@gmail.com> =
wrote:
>=20
> On Sep 18, 2021, at 12:50 AM, Greg Hudson <ghudson@MIT.EDU> wrote:
>>=20
>> On 9/17/21 5:14 PM, John Devitofranceschi wrote:
>>> I can see that =E2=80=9CAllowTGTSessionKey=E2=80=9D is set to =
=E2=80=981=E2=80=99 in the virtual registry. Is that not sufficient? =
Any way around this?
>>=20
>> The current documentation of AllowTgtSessionKey says: "With active
>> Credential Guard in Windows 10 and later versions of Windows, you =
cannot
>> enable sharing the TGT session keys with applications anymore."=20
>=20
>=20
> I=E2=80=99ve read that too, but Credential Guard is not running, =
according to the =E2=80=9CSystem Information=E2=80=9D panel on our test =
host.
>=20
>=20
It turns out that it works just fine if you set allowtgtsessionkey in =
the system registry. It is not sufficient to simply set it in the =
virtual registry.
jd=
--Apple-Mail=_B10F5965-5F0E-4EA6-BB2D-792723E7D1DF
Content-Disposition: attachment; filename="smime.p7s"
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCDMkw
ggYIMIID8KADAgECAgEBMA0GCSqGSIb3DQEBBAUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNV
BAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhv
cml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnMB4XDTA1MTAxNDA3MzY1NVoX
DTMzMDMyODA3MzY1NVowVDEUMBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93
d3cuQ0FjZXJ0Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57aiX3h++tykA10
oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1aQFjww9W4kpCz+JEjCUoqMV5
CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6CjQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ
6MMDPWAzv/fRb0fEze5ig1JuLgiapNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+
TJAFfpPBLIukjmJ0FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60
LhPtXapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luLoFvqTpa4
fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6R9Wb7yQocDggL9V/KcCy
QQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGprmB6gCZIALgBwJNjVSKRPFbnr9s6JfOP
MVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZC
dB6K4/jc0m+YnMtHmJVABfvpAgMBAAGjgb8wgbwwDwYDVR0TAQH/BAUwAwEB/zBdBggrBgEFBQcB
AQRRME8wIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLkNBY2VydC5vcmcvMCgGCCsGAQUFBzAChhxo
dHRwOi8vd3d3LkNBY2VydC5vcmcvY2EuY3J0MEoGA1UdIARDMEEwPwYIKwYBBAGBkEowMzAxBggr
BgEFBQcCARYlaHR0cDovL3d3dy5DQWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDANBgkqhkiG9w0B
AQQFAAOCAgEAfwiIodoaUEnaifuhCHLzivcexDq0eVsgMLFF3sJd02Vp8cJdVFQ8hV+5e0KRwpn9
G1Gbq0aloRBTnm2IrHNuLDOm8PSe4HXBPohFqeFmQ/5WWtF6QXj3QNpKOvELW6W7FgbmwueTuYVN
l0+xHjhDgO+bDYzvuKdgAIdXfR5EHMsj75s8mZ2vtSkcRXkWlk0nbfEcbMPCVWSzvBTi86QfHjL8
JxUFz90urj6CYXvwIRAY9kTqUzn53NCaIODGu+C7Wk/EmcgHvbW9otsuYg1CNEG8/4uK9VEiqogw
AOKw1Ly+ZbrVA1d5m+jcyE34UO2RpVIooqz7Nlg+6ZQrkVCHG9Ze1ozM9w8QDFJO0BZh5eUKbL8X
x3JGV5yY9WxgY3pvXrlOL8i5ubtqhbyYDe35PpeENJSuAK+h5eeSbk698+LZFItc0usBbKAXpS0Q
65x6Sr297s797SJAq3A4iPUKh2rCqwVgyUgF2lPB3kR3arPzPDztgLymOEopJF/+WTubJXpWYwBk
uV2kYn1XNk+tg+8fklOgjndX3eVhET0jAJBMPPqjYJMEo6819g5qj09KYKeFBWxGoY/0x3bjoVlX
93GyxG4UXG1tQWbfG5Ox1ADD7svPPD0hgKlfY2X83eBfpPQr8IVxQdRnJfsasZeu1pmCE0HSbqUb
mSeA5wupqAAwgga5MIIEoaADAgECAgMC4EIwDQYJKoZIhvcNAQELBQAwVDEUMBIGA1UEChMLQ0Fj
ZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0
IENsYXNzIDMgUm9vdDAeFw0yMDAyMjIxMzUyMzdaFw0yMjAyMjExMzUyMzdaMIIBEzEeMBwGA1UE
AxMVSm9obiBEZXZpdG9mcmFuY2VzY2hpMR8wHQYJKoZIhvcNAQkBFhBqZHZmQGhvdG1haWwuY29t
MR8wHQYJKoZIhvcNAQkBFhBmb29ub25AZ21haWwuY29tMSAwHgYJKoZIhvcNAQkBFhFmb29ub25A
aWNsb3VkLmNvbTEwMC4GCSqGSIb3DQEJARYham9obi5kZXZpdG9mcmFuY2VzY2hpQG91dGxvb2su
Y29tMS4wLAYJKoZIhvcNAQkBFh9qb2huLmRldml0b2ZyYW5jZXNjaGlAZ21haWwuY29tMSswKQYJ
KoZIhvcNAQkBFhxqZGV2aXRvZnJhbmNlc2NoaUBpY2xvdWQuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAzpN0oN/ZobcHyH7SxKKZvySYr674JJxZeVxLjACL8QQxz+/rJFZha5L9
VtfmPLqBw3YYJLeP50O9HanH3DL9VI8wkLRM9/SaFVjgMLC5HxSyeOifecApsHN6B1fskScJMSjJ
9MvbVqm5MXraEmXEA/nhjcNkuSg9qBJdmHaEK7gqmUxTXNEmELP2UN3/ubr031GuwyS8v3jeb+Ce
TzsghPQFTpX5Zl66FqZtlCDQ4N394OiF65oakhTGuNpRSfuYaV4QVnekSOwd7ZI0gPUqQPszzeHG
9aJjyIlKkjOy9IW/tvU0YAtE79Ie7UZoV8AP7Q1FStT7fcIEvtfTfw26mQIDAQABo4IB0TCCAc0w
DAYDVR0TAQH/BAIwADBWBglghkgBhvhCAQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRl
IGZvciBGUkVFIGhlYWQgb3ZlciB0byBodHRwOi8vd3d3LkNBY2VydC5vcmcwDgYDVR0PAQH/BAQD
AgOoMEAGA1UdJQQ5MDcGCCsGAQUFBwMEBggrBgEFBQcDAgYKKwYBBAGCNwoDBAYKKwYBBAGCNwoD
AwYJYIZIAYb4QgQBMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AuY2Fj
ZXJ0Lm9yZzA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmNhY2VydC5vcmcvY2xhc3MzLXJl
dm9rZS5jcmwwgaQGA1UdEQSBnDCBmYEQamR2ZkBob3RtYWlsLmNvbYEQZm9vbm9uQGdtYWlsLmNv
bYERZm9vbm9uQGljbG91ZC5jb22BIWpvaG4uZGV2aXRvZnJhbmNlc2NoaUBvdXRsb29rLmNvbYEf
am9obi5kZXZpdG9mcmFuY2VzY2hpQGdtYWlsLmNvbYEcamRldml0b2ZyYW5jZXNjaGlAaWNsb3Vk
LmNvbTANBgkqhkiG9w0BAQsFAAOCAgEABrWEAb/rVjLz9d+o9P1CC0qIDXvyu6x6wcmsBfLx5FXA
XdblzLTtVrzyNhx9wGhd8LIP+rFPuSG+rbkvgkxLxEEAlnPSFiXqgXj+JDyHNuripIzJzTB2ebND
Wy4bvLC9ox+MySok5JQ9tuEBxIzZftiFzXy6N4DQTY/DWKAnocMW78h71TXfr4PcRgCfVqXXw5KN
cJldgK1jyOpB986FfXGsC1Q7HldwixPiGCTpMVjS8SwyO2OAoWzwMd4FYu2dWVaO6oqbUXQSIJev
361+BiNn93f6Lyvj3MtJznM3MdbJi+JyOuz8avCSZHi7ZxTH/E5EQ6QbxObrJJo9BkiLq3Rllo+L
mSOR5jNl2PSPRn9KjhW0O1Q1hQx/9uoWRdnUGWjUbylGwX/cVpg4c7xFAVhKp7/nypCIt6EQm6Yo
Zb7SEv5ht2gAMStvMj8ovxbkGfm6gUKMSGCyX26xtGtdyYWqTYwwQEU8IRT9AMyGS1SYrhX+0vqM
kI7YXd108KaIP9GCj/V7vBtOjgV2/fY1hVndVrHJgvwH8U522q5T6h1VQYl0LiJ6pVZt7j4f1+BD
1MxTrdUWiHpSTpQBsT0SdI0XWiIqMmRSBuZx9FDnVQ44yFgEBYC8NU4GAwRWKo0bp2+wni+n3YIy
jw7i9BY60gAaJ4stfR5Y4Z6Fj8zcM+cxggLNMIICyQIBATBbMFQxFDASBgNVBAoTC0NBY2VydCBJ
bmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBDbGFz
cyAzIFJvb3QCAwLgQjANBglghkgBZQMEAgEFAKCCAUMwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMjEwOTIyMTc0MDQyWjAvBgkqhkiG9w0BCQQxIgQg76W9EEhg570S
kBOuP7BoA37z7a+xepmwndWjVRI7ek8wagYJKwYBBAGCNxAEMV0wWzBUMRQwEgYDVQQKEwtDQWNl
cnQgSW5jLjEeMBwGA1UECxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQDExNDQWNlcnQg
Q2xhc3MgMyBSb290AgMC4EIwbAYLKoZIhvcNAQkQAgsxXaBbMFQxFDASBgNVBAoTC0NBY2VydCBJ
bmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNVBAMTE0NBY2VydCBDbGFz
cyAzIFJvb3QCAwLgQjANBgkqhkiG9w0BAQsFAASCAQCCUVGDsuZ/mTQMcuxBtkmz9jZwH5KJwgVW
eG+kZilJLOIHQ45oeqF+JGNG2tQhzuwJhamo4CKP2oOWKa9J/wdTjhSg9MWrOigigd721VzT7LsV
v3rgklvczGJR+oY5cl8EP0n3flhsRHBDw3qrDARL2jW7x2T2VtoKqyJs2fhHlAEC4fHZL/j12Y+z
Gpl4JbUHxnFluggL2omgACF8I0sa2ZPFLzMPCDQoXu9/RzuifP4mB6QpKtggFvxXeEqm83P1Fz02
GxmB7fAVjBLMIejSZLFjZBP5A3LMMaBev4jLeyJ7JvBA8g80Rnq5m6VfW6xxeP+9tTCAH4h0gPyG
pBtdAAAAAAAA
--Apple-Mail=_B10F5965-5F0E-4EA6-BB2D-792723E7D1DF--
--===============6171999113074229461==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============6171999113074229461==--
