Vista compatibility with mixed system kerberos authentication?

[Guest]

Does Vista support single sign on kerberos authentication with a unix kds?

With our current infrastructure, we use ksetup in our Windows 2003 AD with
XP clients to add the kerberos realm for our users to login.

So far, with some breif testing, the same group policy that we use on our XP
machines (ksetup to add the kerberos realm), doesn't work on Vista. Is there
a version of ksetup or similar that is used in Vista?

Thanks!

 

[Guest]

anyone?

 

[Jason]

Admittedly, I'm don't know a great deal about this but am trying to
learn more....how are you using group policy to leverage ksetup to add
the kerberos realm? I know in my work environment we have a GPO that
runs a .reg file with the /s switch that adds the necessary registry
entry for our kerberos realm. HKEY_LOCAL_MACHINE\SYSTEM
\CurrentControlSet\Control\Lsa\Kerberos\Domains\{domain name}
with a value of KdcNames:REG_MULTI_SZ:{kdc server}

This .reg entry works for the Vista clients as well. No ksetup.exe
necessary. But we have another problem. It seems when users lock their
Vista screens all their tickets are destroyed and then not renewed
when the they re-authenticate to unlock the screen. That's not
helpful!

 

[Guest]

same here if its a laptop without a network connection, the credentials don't
cache and the user can't log into the kerberos realm.... not a good thing.....