Re: Kerberos Ticket User

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/27/05


Date: Wed, 27 Apr 2005 01:55:15 -0500

The krbtgt account is disabled by default and the system manages the
password. You do not nor should not reconfigure that account. I am not sure
exactly what you need to do but if it has to do with trusting user accounts
for delegation see the links below. --- Steve

http://searchwindowssecurity.techtarget.com/generic/0,295582,sid45_gci1050149,00.html#Delegation
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod19.asp

"Will" <DELETE_westes@earthbroadcast.com> wrote in message
news:eq4x$BvSFHA.3184@TK2MSFTNGP15.phx.gbl...
> In our Active Directory server user list, I see a user account for the
> Kerberos ticket service, but it is marked as disabled. The Kerberos
> ticket
> service is running with SYSTEM authority. Is this the default
> configuration?
>
> If you want to use the Kerberos use account to run the Kerberos ticket
> service, are you supposed to change the password, or does Kerberos
> maintain
> and change this password on its own? What steps are required to make
> this
> secure?
>
> We need to run Kerberos ticket as a user so that it will be able to pass
> Kerberos tickets through a winsock proxy that only allows specific user
> accounts to pass through.
>
> --
> Will
>
>
>



Relevant Pages

  • Re: Expired Account
    ... ability to access the resource ends when the Kerberos ticket expires. ... neither a user who is locked out nor a computer account can renew ...
    (microsoft.public.windows.server.active_directory)
  • Kerberos Ticket User
    ... In our Active Directory server user list, I see a user account for the ... Kerberos ticket service, but it is marked as disabled. ...
    (microsoft.public.windows.server.security)
  • KDC error at logon !
    ... I have upgraded a NT4 PDC to W2K in mixte mode. ... type:error " The account FRED has not a valid key to ... generate a Kerberos ticket." ...
    (microsoft.public.win2000.security)
  • Re: disabled key distribution center service account
    ... The krbtgt account is always disabled. ... Does anyone know how to re-enable the Key Distribution ... > Center Service Account? ...
    (microsoft.public.windows.server.general)
  • Re: Administrator account primary role changed
    ... Logon with the adminstrator account or any other account with admin rights and reconfigure your account. ... I noticed this when I could not get into any of my event logs this morning. ...
    (microsoft.public.windows.server.active_directory)