You might need this: "This new feature has been seen in Windows 2003 Server, Windows 2000 Server SP4, and Windows XP SP2. We assume that it will be implemented in all future Microsoft operating systems supporting the Kerberos SSPI. Microsoft does work closely with MIT and has provided a registry key to disable this new feature.
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters AllowTGTSessionKey = 0x01 (DWORD)On Windows XP SP2 the key is specified as HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos AllowTGTSessionKey = 0x01 (DWORD)"as described here http://web.mit.edu/kerberos/kfw-2.6/kfw-2.6.5/relnotes.html#mslsa Regards Markus "Miguel Sanders" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Dear all > > I don't know whether or not I should post this here or in > microsoft.xp.client but I will do both. > After successfully implementing a cross realm trust between AD and a > UNIX realm, it seems that the clients that user SP1 can successfully > have SSO to the UNIX machine whereas the SP2 people can't. Can anyone > help me out, since I am not a Windows expert :-) > The tool I use for SSO on the Windows clients is Vintella Putty 0.60 > q1.129. > > > Kind regards > > > Miguel > > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
