Vista compatibility with mixed system kerberos authentication?

Discussion in 'Windows Vista Administration' started by tkmlee, Jan 26, 2007.

  1. tkmlee

    tkmlee Guest

    Does Vista support single sign on kerberos authentication with a unix kds?

    With our current infrastructure, we use ksetup in our Windows 2003 AD with
    XP clients to add the kerberos realm for our users to login.

    So far, with some breif testing, the same group policy that we use on our XP
    machines (ksetup to add the kerberos realm), doesn't work on Vista. Is there
    a version of ksetup or similar that is used in Vista?

    Thanks!
     
    tkmlee, Jan 26, 2007
    #1
    1. Advertisements

  2. tkmlee

    tkmlee Guest

    anyone?
     
    tkmlee, Feb 28, 2007
    #2
    1. Advertisements

  3. tkmlee

    Jason Guest

    Admittedly, I'm don't know a great deal about this but am trying to
    learn more....how are you using group policy to leverage ksetup to add
    the kerberos realm? I know in my work environment we have a GPO that
    runs a .reg file with the /s switch that adds the necessary registry
    entry for our kerberos realm. HKEY_LOCAL_MACHINE\SYSTEM
    \CurrentControlSet\Control\Lsa\Kerberos\Domains\{domain name}
    with a value of KdcNames:REG_MULTI_SZ:{kdc server}

    This .reg entry works for the Vista clients as well. No ksetup.exe
    necessary. But we have another problem. It seems when users lock their
    Vista screens all their tickets are destroyed and then not renewed
    when the they re-authenticate to unlock the screen. That's not
    helpful!
     
    Jason, Mar 28, 2007
    #3
  4. tkmlee

    tkmlee Guest

    same here if its a laptop without a network connection, the credentials don't
    cache and the user can't log into the kerberos realm.... not a good thing.....
     
    tkmlee, May 25, 2007
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.