Date: | Thu, 06 May 2010 10:49:26 -0400 |
From: | Justin Brinegar <brinegar@physics.unc.edu> |
To: | kfw-bugs@mit.edu |
Subject: | Bug in MIT Kerberos for Windows Version 3.2.2 - Win7 x64 |
Hello,
I am unable to obtain a TGT for the configured default realm when
logging on to a 64 bit Windows 7 machine. Following the same
configuration steps detailed below on a 32 bit Windows 7 machine, I am
able to obtain the TGT as expected.
To reproduce the issue:
1) Install KFW 3.2.2 MSI (32 bit)
2) Install KFW 3.2.2 MSI (64 bit) - note that this requests to remove
the above.
- The MIT Kerberos page on secure-endpoints.com suggests "(on
64-bit Windows install both the 32-bit and 64-bit MSI packages)"
- Even if the order is reversed, the symptom persists.
3) Replace krb5.ini with a fully configured copy, default realm is
ISIS.UNC.EDU
4) Create local account, add to admin group - match password with
Kerberos password.
5) Log out, log in as local account and configured the
brinegar@ISIS.UNC.EDU.
6) Log out, log in again as local account - no TGT.
If the steps are followed on a 32 bit machine, I get a TGT from
ISIS.UNC.EDU. Why can't I get one when this setup is performed on x64
Windows 7?
The symptom persists if UAC is off. I originally suspected a policy on
the Windows Domain I was using was causing the problem, but I have ruled
that out.
Please let me know what logs (please send instructions for obtaining
such logs) or other information I should send.
Justin
I am unable to obtain a TGT for the configured default realm when
logging on to a 64 bit Windows 7 machine. Following the same
configuration steps detailed below on a 32 bit Windows 7 machine, I am
able to obtain the TGT as expected.
To reproduce the issue:
1) Install KFW 3.2.2 MSI (32 bit)
2) Install KFW 3.2.2 MSI (64 bit) - note that this requests to remove
the above.
- The MIT Kerberos page on secure-endpoints.com suggests "(on
64-bit Windows install both the 32-bit and 64-bit MSI packages)"
- Even if the order is reversed, the symptom persists.
3) Replace krb5.ini with a fully configured copy, default realm is
ISIS.UNC.EDU
4) Create local account, add to admin group - match password with
Kerberos password.
5) Log out, log in as local account and configured the
brinegar@ISIS.UNC.EDU.
6) Log out, log in again as local account - no TGT.
If the steps are followed on a 32 bit machine, I get a TGT from
ISIS.UNC.EDU. Why can't I get one when this setup is performed on x64
Windows 7?
The symptom persists if UAC is off. I originally suspected a policy on
the Windows Domain I was using was causing the problem, but I have ruled
that out.
Please let me know what logs (please send instructions for obtaining
such logs) or other information I should send.
Justin