Perfect! I'll give it a shot to see if it works in my case. Thanks! -----Original Message----- From: Benjamin Kaduk [mailto:ka...@mit.edu] Sent: Sunday, November 20, 2016 4:13 PM To: Mauro Cazzari <mauro.cazz...@sas.com> Cc: Todd Grayson <tgray...@cloudera.com>; Kerberos@mit.edu Subject: Re: Can I automatically cache AD tickets into a file on windows?
On Fri, Nov 18, 2016 at 04:51:03PM +0000, Mauro Cazzari wrote: > One more thing: if MIT Kerberos is installed, is there a way to populate the > KRB5CCNAME cache file automatically when I log on to Windows without having > to use a keytab or having to run a kinit under the covers? MIT KfW does include a utility "ms2mit.exe" that attempts to export kerberos credentials from the Windows LSA to a KfW credentials cache (which by default will be an API: cache but can be configured to be a FILE: cache). However, those attempts will fail in some situations, such as when the user is a local administrator, on recent versions of Windows. Some sites have run ms2mit during the login process to get that sort of behavior; however, in the KfW 4.1 series, the LSA: support is improved and it may be feasible to just use the LSA: cache directly. -Ben ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
