Re: Kerberos Ticket User

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/27/05


Date: Wed, 27 Apr 2005 01:55:15 -0500

The krbtgt account is disabled by default and the system manages the
password. You do not nor should not reconfigure that account. I am not sure
exactly what you need to do but if it has to do with trusting user accounts
for delegation see the links below. --- Steve

http://searchwindowssecurity.techtarget.com/generic/0,295582,sid45_gci1050149,00.html#Delegation
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod19.asp

"Will" <DELETE_westes@earthbroadcast.com> wrote in message
news:eq4x$BvSFHA.3184@TK2MSFTNGP15.phx.gbl...
> In our Active Directory server user list, I see a user account for the
> Kerberos ticket service, but it is marked as disabled. The Kerberos
> ticket
> service is running with SYSTEM authority. Is this the default
> configuration?
>
> If you want to use the Kerberos use account to run the Kerberos ticket
> service, are you supposed to change the password, or does Kerberos
> maintain
> and change this password on its own? What steps are required to make
> this
> secure?
>
> We need to run Kerberos ticket as a user so that it will be able to pass
> Kerberos tickets through a winsock proxy that only allows specific user
> accounts to pass through.
>
> --
> Will
>
>
>