On 6/12/2013 1:21 PM, Matt Lists wrote: > Hi... I'm hoping that questions about MIT Kerberos for Windows are > on-topic here. Apologies in advance if this is not the case. > > We have a Samba 3 domain and also separate MIT Krb5 KDCs, where the > principal names match the Samba userids. On previous Windows XP > machines with Kfw 3.x installed, Kfw would somehow automatically get a > TGT from the KDC when the user logged into the samba domain via the > Windows domain logon dialog. I always assumed that Kfw somehow had > access to the cleartext password entered by the user, but don't know if > that's true. (Was there some kind of Windows password cache, or > something via the GINA API?)
There is a network provider dll and an explorer shell login/logout hook. > Now on Windows 7, I can't seem to get Kfw 3 or 4 to behave the same way > (still the same old Samba 3 domain). I understand that Kfw 4 can import > credentials from the Windows 7 LSA, but I don't think that will help me, > as we are using old NTLM style authentication rather than AD style, and > thus Windows has no tickets. Microsoft removed the explorer shell login/logout hook in Vista. > I've done a lot of searching to see how to get this to work, but have > come up short. Is it still possible to do this? If so, any whacks with > a cluebat would be greatly appreciated. The functionality is gone. Jeffrey Altman
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
