In MS Windows, the registry key "allowtgtsessionkey" has to be set to "1" to allow Kerberos java client code to function correctly. This is the information in MS KB Article ID 308339:
"To provide better security, Microsoft has restricted an interface to retrieve ticket-granting-ticket/session key pairs from the Kerberos security package. Because some third-party programs may require this functionality to operate properly, the following information has been provided so you can re-enable this interface. " I would appreciate an explanation what the security exposure might be when enabling this key. Shouldn't attacks on the session key be restricted by Kerberos pre-authentication? -- Ulrich Boche SVA GmbH, Germany IBM Premier Business Partner ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
