On 2006/1/19 3:06 PM, Luke Howard wrote:
>> Windows does this I think. In fact I seem to recall that for at
>> least some versions of Windows it doesn't even bother trying to renew
>> the tickets and just always uses the stored key.
>>
> Unfortunately I never leave my Windows workstation unlocked for long
> enough to verify this. But, given the NT OWF is present in memory to
> support NTLM clients, it makes sense to use this for Kerberos too if
> rc4-hmac is supported. Maybe someone from Microsoft can confirm.
>

I'm not from Microsoft, but from their web page "How the Kerberos Version 5 Authentication Protocol Works: Logon and Authentication"
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/7cb7e9f7-2090-4c88-8d14-270c749fddb5.mspx>

> The LSA also keeps a copy of an interactive user’s hashed password. If
> the user's TGT expires during a logon session, the Kerberos SSP uses
> the LSA’s copy of the hashed password to obtain a new TGT without
> interrupting the user's logon session. The password is not stored
> permanently on the computer, and the local copy of the hashed password
> is destroyed when the user's logon session is destroyed.

-Phil
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
