Paul: I'm sorry you having issues with KFW 3.0. A number of issues were discovered after its release that are negatively affecting sites. The NetIDMgr was a major architectural change and several rough edges were found that required reworking. Kerberos 4 ticket acquisition and renewal is one of those areas.
Krb4 can be disabled for all identities by default by setting : HKLM\Software\MIT\NetIDMgr\PluginManager\Plugins\Krb4Cred\Parameters "Krb4NewCreds"=dword:00000000 However, KfW 3.0 doesn't check this value when renewing credentials. This will be fixed in 3.1. (The changes are already in the krb5 source tree.) The krb4 plug-in can be disabled entirely with this registry setting: HKLM\Software\MIT\NetIDMgr\PluginManager\Modules\MITKrb4 "Flags"=dword:00000400 Both of these keys can be set in the MSI when deploying 3.0 via a MSI transform. Jeffrey Altman (Thanks to Asanka Herath for researching this information.) ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
