MS cache format - Kerberos

This is a discussion on MS cache format - Kerberos ; Hi, MIT kerberos code supports reading and writing file cache format corresponding to cache type 4. Does MS cache also support cache type 4. Thanks, Preetam __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: MS cache format

  1. MS cache format

    Hi,

    MIT kerberos code supports reading and writing
    file cache format corresponding to cache type 4.
    Does MS cache also support cache type 4.

    Thanks,
    Preetam

    __________________________________________________
    Do You Yahoo!?
    Tired of spam? Yahoo! Mail has the best spam protection around
    http://mail.yahoo.com
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: MS cache format

    preetam R wrote:
    > Hi,
    >
    > MIT kerberos code supports reading and writing
    > file cache format corresponding to cache type 4.
    > Does MS cache also support cache type 4.
    >
    > Thanks,
    > Preetam


    Microsoft does not support FILE based credential caches.
    Instead Microsoft stores Kerberos credentials within the LSA.
    The credentials are accessible via the Lsa APIs.

    Jeffrey Altman

  3. Re: MS cache format

    On Tue, 22 Aug 2006 02:08:47 GMT
    Jeffrey Altman wrote:

    > preetam R wrote:
    > > Hi,
    > >
    > > MIT kerberos code supports reading and writing
    > > file cache format corresponding to cache type 4.
    > > Does MS cache also support cache type 4.
    > >
    > > Thanks,
    > > Preetam

    >
    > Microsoft does not support FILE based credential caches.
    > Instead Microsoft stores Kerberos credentials within the LSA.
    > The credentials are accessible via the Lsa APIs.


    Really? The raw RC4 keys? What functions?

    Mike

    --
    Michael B Allen
    PHP Active Directory SSO
    http://www.ioplex.com/
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  4. Re: MS cache format

    Michael B Allen wrote:
    > On Tue, 22 Aug 2006 02:08:47 GMT
    > Jeffrey Altman wrote:
    >
    >> preetam R wrote:
    >>> Hi,
    >>>
    >>> MIT kerberos code supports reading and writing
    >>> file cache format corresponding to cache type 4.
    >>> Does MS cache also support cache type 4.
    >>>
    >>> Thanks,
    >>> Preetam

    >> Microsoft does not support FILE based credential caches.
    >> Instead Microsoft stores Kerberos credentials within the LSA.
    >> The credentials are accessible via the Lsa APIs.

    >
    > Really? The raw RC4 keys? What functions?
    >
    > Mike


    See the source code to MIT Kerberos 5

    src/lib/krb5/ccache/cc_mslsa.c

    Jeffrey Altman

  5. Re: MS cache format

    Hi,

    Does MS cache store the time offsets so that the
    client can synch time with kdc's time as MIT client
    does.


    Thanks,
    Preetam

    --- Jeffrey Altman wrote:

    > preetam R wrote:
    > > Hi,
    > >
    > > MIT kerberos code supports reading and writing
    > > file cache format corresponding to cache type 4.
    > > Does MS cache also support cache type 4.
    > >
    > > Thanks,
    > > Preetam

    >
    > Microsoft does not support FILE based credential
    > caches.
    > Instead Microsoft stores Kerberos credentials within
    > the LSA.
    > The credentials are accessible via the Lsa APIs.
    >
    > Jeffrey Altman
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >



    __________________________________________________
    Do You Yahoo!?
    Tired of spam? Yahoo! Mail has the best spam protection around
    http://mail.yahoo.com
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  6. Re: MS cache format

    preetam R wrote:
    > Hi,
    >
    > Does MS cache store the time offsets so that the
    > client can synch time with kdc's time as MIT client
    > does.
    >
    >
    > Thanks,
    > Preetam


    I do not believe so. All Windows machines that support
    Kerberos also support time synchronization via NTP and
    all workstations in a domain synchronize the machine time
    to the domain controllers during machine startup. Therefore,
    there would be little need for them to do so.

    Even if they did, that information is not exported by
    the Lsa API.

    Jeffrey Altman


+ Reply to Thread