[prev in list] [next in list] [prev in thread] [next in thread]
List: kerberos
Subject: Re: Klist issues with Windows 7
From: Jeffrey Altman <jaltman () secure-endpoints ! com>
Date: 2011-04-12 17:23:39
Message-ID: 4DA48A9B.2050003 () secure-endpoints ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On 4/12/2011 12:21 PM, Robert Schröder wrote:
> The console just returns something like this:
>
> *Current LogonId is 0:0x1a38a
> Cached Tickets: (0)*
>
> If I try klist with the tgt value, I'm getting the following failure:
>
> *Error calling API LsaCallAuthenticationPackage (Ticket Granting Ticket
> substatus): 1312
> *
> *klist failed with 0x8009030e/-2146893042: No credentials are available in
> the security package*
>
> But if I start the cmd-console with administrator privileges, everything
> works fine.
You cannot access the LSA ticket store under User Account Control (UAC)
restricted processes. If you were able to read the TGT, you could
bypass the process restrictions without the user being prompted.
UAC applies to any account that is not the Local Administrator account
that is added to the Administrators Group.
Jeffrey Altman
["signature.asc" (application/pgp-signature)]
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic