Skip Menu |

Date: Thu, 06 May 2010 10:49:26 -0400
From: Justin Brinegar <>
Subject: Bug in MIT Kerberos for Windows Version 3.2.2 - Win7 x64
Download (untitled) / with headers
text/plain 1.2KiB

I am unable to obtain a TGT for the configured default realm when
logging on to a 64 bit Windows 7 machine. Following the same
configuration steps detailed below on a 32 bit Windows 7 machine, I am
able to obtain the TGT as expected.

To reproduce the issue:
1) Install KFW 3.2.2 MSI (32 bit)
2) Install KFW 3.2.2 MSI (64 bit) - note that this requests to remove
the above.
- The MIT Kerberos page on suggests "(on
64-bit Windows install both the 32-bit and 64-bit MSI packages)"
- Even if the order is reversed, the symptom persists.
3) Replace krb5.ini with a fully configured copy, default realm is
4) Create local account, add to admin group - match password with
Kerberos password.
5) Log out, log in as local account and configured the
6) Log out, log in again as local account - no TGT.

If the steps are followed on a 32 bit machine, I get a TGT from
ISIS.UNC.EDU. Why can't I get one when this setup is performed on x64
Windows 7?

The symptom persists if UAC is off. I originally suspected a policy on
the Windows Domain I was using was causing the problem, but I have ruled
that out.

Please let me know what logs (please send instructions for obtaining
such logs) or other information I should send.