I found the answer to my question, so I thought I would share it with others here on the list. To get Windows to acknowledge that a ticket has been issued through MIT Kerberos KfW 4.0.1 you need to edit a registry key. The key is located at: HKEY_CURRENT_USER\SOFTWARE\MIT Kerberos\Settings. Click on Issued and change the value from 0 to 1. Once I did this a klist now shows the ticket issued by KfW 4.0.1.
Randy Randy Morgan CSR Department of Chemistry and Biochemistry Brigham Young University 801-422-4100 On 11/16/2015 8:01 PM, Benjamin Kaduk wrote: > On Mon, 16 Nov 2015, Randolph Morgan wrote: > >> I have installed MIT Kerberos 4.0.1 on a Windows 10 machine. Everything >> I have read indicates that the identity manager is not integrated into >> the new ticket manager. Ticket manager shows that I have received a > I'm not sure what you mean by these terms. Is "the identity manager" the > "Network Identity Manager" such as is available from > https://www.secure-endpoints.com/netidmgr/v2/ ? Is the "new ticket > manager" the "MIT Kerberos.exe" distributed in the KfW 4.0.1 installer? > >> ticket from my krbtgt from my server, but Windows does not show a ticket >> when I run klist. If I run kinit, Windows receives and the ticket > There is a klist.exe shipped with Windows by Microsoft, that is unrelated > to either of the previously mentioned programs. (You can get the KfW > klist.exe by specifying a full path, e.g., C:\Program > Files\MIT\Kerberos\bin\klist.exe) > >> manager shows a ticket, but if I go through the ticket manager Windows >> does not show a valid ticket. is there some kind of registry setting >> that I need to modify, or is there something in my krb5.ini file that I >> should modify so that windows shows a ticket when it is issued through >> the ticket manager? > It sounds like perhaps (but it's very hard to tell since the description > lacks sufficient detail) you are putting credentials into different caches > when obtained via the command-line and via the MIT Kerberos.exe Ticket > Manager. The KfW klist.exe with the -A argument should help clarify > whether this is the case. Only the MSLSA: cache is accessible to the > Microsoft Kerberos implementation. > > The MIT Kerberos.exe Ticket Manager does have a "make default" > functionality that will set a registry key for future credential > acquisitions. > > -Ben Kaduk ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
