[20442] in Kerberos_V5_Development

Re: [External] : Re: Windows Credential Guard with MSLSA

daemon@ATHENA.MIT.EDU (Seshan Parameswaran)
Wed Sep 6 12:19:08 2023

From: Seshan Parameswaran <seshan.parameswaran@oracle.com>
To: Sam Hartman <hartmans@debian.org>, "krbdev@mit.edu" <krbdev@mit.edu>
Date: Wed, 6 Sep 2023 16:17:38 +0000
Message-ID: <BYAPR10MB3479DDC2FF102C56220FA65A9DEFA@BYAPR10MB3479.namprd10.prod.outlook.com>
In-Reply-To: <tsl1qfbv3a8.fsf@suchdamage.org>

I am running on Oracle Enterprise Linux and using MIT libraries.  I am aware of the AllowTgtSessionKey Registry setting parameter that works when MSLSA is used without the Credential Guard.  My query is specific to MSLSA used with Windows Credential Guard.

From: Sam Hartman <hartmans@debian.org>
Date: Wednesday, September 6, 2023 at 6:29 AM
To: Seshan Parameswaran <seshan.parameswaran@oracle.com>, krbdev@mit.edu <krbdev@mit.edu>
Subject: Re: [External] : Re: Windows Credential Guard with MSLSA
>>>>> "Seshan" == Seshan Parameswaran <seshan.parameswaran@oracle.com> writes:

    Seshan> Hi Sam, I am trying to revisit the question I asked a year
    Seshan> ago.  Could you please specify if the comments you mentioned
    Seshan> below are specific to Windows Native or are applicable to
    Seshan> both Windows as well as Linux?

Linux doesn't have an MSLSA cache.
If you're running on some version of WSL, then it kind of depends on
your Kerberos implementation.
I do not think that as shipped a Linux build of the MIT sources can
access an MSLSA cache under WSL.