Hi there, I'm working on a single-sign-on solution with kerberos for Windows 7.
I started to setup a virtual machine with integrated kerberos-login and a modified logon.bat similar to our solution for Windows Xp clients. In this batch we are trying to get the principal and the domain to map the afs-drives. On XP we are getting the principal by calling the %USERNAME%-variable, but since Windows7 only returns the mapped user (in our case standarduser), I figured that a simple solution should be to start klist.exe and read the output to set the principal. In my vm, the whole process works pretty fine, but after I tried to get my solution to work with a real machine, I never get my tickets. The console just returns something like this: *Current LogonId is 0:0x1a38a Cached Tickets: (0)* If I try klist with the tgt value, I'm getting the following failure: *Error calling API LsaCallAuthenticationPackage (Ticket Granting Ticket substatus): 1312 * *klist failed with 0x8009030e/-2146893042: No credentials are available in the security package* But if I start the cmd-console with administrator privileges, everything works fine. Windows won't let me to configure the klist-options to start it always as administrator (actually I don't think that that would be a good idea anyways) So the question is, what am I doing wrong? Is there something like an understanding problem on my side or did I just found a bug? Google couldn't find anything useful, so I'm trying to get your help :) Thanks in advance. Robert Schröder ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
