On Fri, Nov 18, 2016 at 04:51:03PM +0000, Mauro Cazzari wrote: > One more thing: if MIT Kerberos is installed, is there a way to populate the > KRB5CCNAME cache file automatically when I log on to Windows without having > to use a keytab or having to run a kinit under the covers?
MIT KfW does include a utility "ms2mit.exe" that attempts to export kerberos credentials from the Windows LSA to a KfW credentials cache (which by default will be an API: cache but can be configured to be a FILE: cache). However, those attempts will fail in some situations, such as when the user is a local administrator, on recent versions of Windows. Some sites have run ms2mit during the login process to get that sort of behavior; however, in the KfW 4.1 series, the LSA: support is improved and it may be feasible to just use the LSA: cache directly. -Ben ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
