sspi cache vs mit credential cache

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

sspi cache vs mit credential cache

Subu Ayyagari

* I have windows AD 2003 forest with 2-way trust to
  MIT realm.

* Crossrealm setup has been configured.

Question: From info available on the mit website,
          it appears the microsoft cache *has* to be
          copied to mit credential cache (leash
import).

Is this required? Can applications (eg: kerberized
ssh)
directly use microsoft credential cache?

thanks
-subu

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: sspi cache vs mit credential cache

Jeffrey Altman-3
Subu Ayyagari wrote:

> * I have windows AD 2003 forest with 2-way trust to
>   MIT realm.
>
> * Crossrealm setup has been configured.
>
> Question: From info available on the mit website,
>           it appears the microsoft cache *has* to be
>           copied to mit credential cache (leash
> import).
>
> Is this required? Can applications (eg: kerberized
> ssh)
> directly use microsoft credential cache?
>
> thanks
> -subu

Applications can be written to use the Microsoft Kerberos SSP.
If so, they don't use the MIT libraries at all.


If the application is written to use the MIT Kerberos libraries
then there are two choices.  Leash can copy the credentials from
the MSLSA ccache into the MIT CCAPI cache or the user can choose
to use the MSLSA cache directly.

Be sure you are using KFW 2.6.5.

Jeffrey Altman


--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos