[20377] in Kerberos_V5_Development
Re: [External] : Re: Windows Credential Guard with MSLSA
daemon@ATHENA.MIT.EDU (Seshan Parameswaran)
Fri Jun 24 14:01:34 2022
From: Seshan Parameswaran <seshan.parameswaran@oracle.com>
To: Sam Hartman <hartmans@debian.org>, "krbdev@mit.edu" <krbdev@mit.edu>
Date: Fri, 24 Jun 2022 18:00:14 +0000
Message-ID: <BYAPR10MB3479DCFAD01912A5DFA8797D9DB49@BYAPR10MB3479.namprd10.prod.outlook.com>
In-Reply-To: <tsl4k0aynd8.fsf@suchdamage.org>
If I understood your comments correctly, you were asking about how MSLSA used to work without the TGT keys available. My experience is the other way around. Even with just the MSLSA configuration without Credential Guard, without the AllowTgtSessionKey setting in the KDC host registry key setting, the MSLSA Kerberos configuration would not work. Please let me know if you have a way around this as well as Credential Guard. Please keep in mind that this is a Linux with MSLSA Library for Linux and not Windows.
From: Sam Hartman <hartmans@debian.org>
Date: Friday, June 24, 2022 at 10:36 AM
To: Seshan Parameswaran <seshan.parameswaran@oracle.com>, krbdev@mit.edu <krbdev@mit.edu>
Subject: Re: [External] : Re: Windows Credential Guard with MSLSA
>>>>> "Seshan" == Seshan Parameswaran <seshan.parameswaran@oracle.com> writes:
Seshan> My question is specifically about MSLSA and Credential
Seshan> Guard. If you have a Kerberos Configuration with the
Seshan> credential cache specified as MSLSA in the Kerberos
Seshan> Configuration and in the KDC host the MSLSA is backed by
Seshan> Credential Guard where the actual session keys are stored.
I understood that, and my comments were in that context.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev