[20375] in Kerberos_V5_Development
Re: [External] : Re: Windows Credential Guard with MSLSA
daemon@ATHENA.MIT.EDU (Seshan Parameswaran)
Fri Jun 24 12:29:12 2022
From: Seshan Parameswaran <seshan.parameswaran@oracle.com>
To: Sam Hartman <hartmans@debian.org>, "krbdev@mit.edu" <krbdev@mit.edu>
Date: Fri, 24 Jun 2022 16:26:33 +0000
Message-ID: <BYAPR10MB3479E8D157F4A9100FA7FA7A9DB49@BYAPR10MB3479.namprd10.prod.outlook.com>
In-Reply-To: <tsl7d56yuv0.fsf@suchdamage.org>

My question is specifically about MSLSA and Credential Guard. If you have a Kerberos configuration with the credential cache specified as MSLSA in the Kerberos configuration, and on the KDC host the MSLSA is backed by Credential Guard, where the actual session keys are stored, that is the specific configuration I am referring to.

From: Sam Hartman <hartmans@debian.org>
Date: Friday, June 24, 2022 at 7:55 AM
To: Seshan Parameswaran <seshan.parameswaran@oracle.com>, krbdev@mit.edu <krbdev@mit.edu>
Subject: [External] : Re: Windows Credential Guard with MSLSA
It used to be the case that the MSLSA cache would work reasonably well
without TGT keys available.
Namely, if you retrieved a ticket the cache would ask the LSA to get the
ticket for you.
Does this no longer work?
If this does work, does it meet your needs?
If not, what functionality are you missing?