Hi,
Do all services running on a server share the same long-term key in the
KDC?
What I mean is, let's say on a server that is part of a domain that is
running, say, a file server and an email server, both of which use the
Kerberos protocol... Will a client wishing to communicate with both
services be able to just use the same Kerberos ticket?
Thanks
Lyle
Paul Williams [MVP] - 31 Jul 2005 23:57 GMT
> Do all services running on a server share the same long term key in the
> KDC?
The long-term key is dependent on the principal's password. Therefore,
which long-term key is used depends on the principal running the service. Any
services running as Local System will use the computer account's long-term
key; any services running as another principal will use that principal's
password as the long-term key to establish a session key.
In the case of your example, a new ticket is needed for each SPN. Even
though you and your computer have proved your identity, you still require
tickets for different services, as those tickets are for a specific service
and not a generic catch-all for a specific system.

Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
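To make the answer above concrete, here is an added worked example (written for this thread, not code from either poster or from any Kerberos implementation). It models a miniature KDC that issues a service ticket per SPN, encrypting each ticket under the long-term key of the account that owns that SPN. A service can only open tickets sealed with its own account's key, so a ticket for the file service (running as Local System, i.e. the computer account) is useless to the mail service running as a separate service account, while two SPNs registered on the same account do share a long-term key. The realm, account names, passwords and SPNs are constructed sample values; the key derivation is a simplified stand-in for Kerberos string-to-key, and the encryption is a toy HMAC-based construction standing in for the real Kerberos encryption types.

```python
import hashlib
import hmac
import json
import os

REALM = "EXAMPLE.COM"  # constructed sample realm


def string_to_key(password: str, principal: str) -> bytes:
    """Simplified stand-in for Kerberos string-to-key (RFC 3962 uses PBKDF2
    salted with realm + principal name, then a further derivation step that
    is omitted here). The point: the long-term key is a function of the
    principal's password, so each account has its own key."""
    salt = (REALM + principal).encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 4096, dklen=32)


# --- toy authenticated encryption (HMAC-SHA256 keystream + MAC) --------------
# Stand-in for the AES-based Kerberos encryption types; not Kerberos' crypto.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


class KeyMismatch(ValueError):
    """Ticket was not sealed under this service's long-term key."""


class NameMismatch(ValueError):
    """Ticket decrypts, but names a different SPN than this service."""


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise KeyMismatch("cannot decrypt ticket with this long-term key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# --- miniature KDC and services ---------------------------------------------
MACHINE_PW = "machine-password-constructed"
MAIL_PW = "mail-service-password-constructed"


class KDC:
    def __init__(self):
        # Account database: principal -> long-term key derived from its password.
        self.keys = {
            "SERVER01$": string_to_key(MACHINE_PW, "SERVER01$"),  # computer account
            "svc_mail": string_to_key(MAIL_PW, "svc_mail"),      # mail service account
        }
        # SPN -> owning account. Services running as Local System register
        # their SPNs on the computer account; the mail service runs as svc_mail.
        self.spns = {
            "cifs/server01.example.com": "SERVER01$",
            "host/server01.example.com": "SERVER01$",
            "smtp/server01.example.com": "svc_mail",
        }

    def issue_service_ticket(self, client: str, spn: str):
        """TGS-REP in miniature: a fresh session key plus a ticket for exactly
        this SPN, sealed under the long-term key of the account owning the SPN."""
        owner = self.spns[spn]
        session_key = os.urandom(32)
        body = {"client": client, "sname": spn, "session_key": session_key.hex()}
        return session_key, seal(self.keys[owner], json.dumps(body).encode())


class Service:
    def __init__(self, spn: str, account: str, password: str):
        self.spn = spn
        self.key = string_to_key(password, account)  # its account's long-term key

    def accept(self, ticket: bytes) -> dict:
        """AP-REQ handling: decrypt with our own key, then check the ticket's SPN."""
        body = json.loads(unseal(self.key, ticket))
        if body["sname"] != self.spn:
            raise NameMismatch(f"ticket is for {body['sname']}, not {self.spn}")
        return body


def try_ticket(service: Service, ticket: bytes) -> str:
    try:
        service.accept(ticket)
        return "accepted"
    except KeyMismatch:
        return "wrong key"
    except NameMismatch:
        return "wrong sname"


def demo() -> dict:
    kdc = KDC()
    file_svc = Service("cifs/server01.example.com", "SERVER01$", MACHINE_PW)
    host_svc = Service("host/server01.example.com", "SERVER01$", MACHINE_PW)
    mail_svc = Service("smtp/server01.example.com", "svc_mail", MAIL_PW)

    _, cifs_ticket = kdc.issue_service_ticket("lyle", "cifs/server01.example.com")
    _, smtp_ticket = kdc.issue_service_ticket("lyle", "smtp/server01.example.com")
    return {
        "cifs_ticket_at_file_service": try_ticket(file_svc, cifs_ticket),
        "cifs_ticket_at_mail_service": try_ticket(mail_svc, cifs_ticket),
        "cifs_ticket_at_host_service": try_ticket(host_svc, cifs_ticket),
        "smtp_ticket_at_mail_service": try_ticket(mail_svc, smtp_ticket),
        "smtp_ticket_at_file_service": try_ticket(file_svc, smtp_ticket),
        "cifs_and_host_share_long_term_key": file_svc.key == host_svc.key,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The two outcomes worth noting: the `cifs/` ticket fails at the mail service with a key mismatch because `svc_mail` has a different password and therefore a different long-term key, which is exactly why the client must ask the KDC for a separate `smtp/` ticket. At the `host/` service the same ticket does decrypt, since both SPNs sit on the computer account and share its key, but the service still rejects it because the ticket names a different SPN; the client requests one ticket per SPN regardless.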