Hi,
I saw this question in the archives (May 4, 2002), but with no responses. We're running into this issue, and I was wondering if there was any workaround [yet]?
The configuration - MIT KDC is "primary" KDC, and Windows AD KDC trusts the MIT KDC.
The problem:
1. From an XP workstation which is a member of the AD, authenticate against the MIT realm
2. Lock the workstation
3. Unlock the workstation
At this point, you've lost virtually all of your tickets, and you can't access resources in the AD. I haven't found any patches, but maybe I don't know the secret code word to put into the Microsoft Knowledgebase, or Google.
Based on packet traces, I'm convinced it's a Windows 2000/XP bug. It's the workstation which forgets its tickets, and then neglects to ask for new ones.
If there isn't a fix available, I guess I'll write a GINA which acts as a pass-through to the default GINA for all GINA functions except for WlxWkstaLockedSAS(). I'm assuming it's dumping the tickets when WlxWkstaLockedSAS acquires a new TGT from the MIT realm...
Thanks for any help,
Brian Davidson
George Mason University
________________________________________________
Kerberos mailing list
[EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
