Re: Kerberos Ticket User

From: Will (DELETE_westes_at_earthbroadcast.com)
Date: 04/27/05


Date: Wed, 27 Apr 2005 00:20:07 -0700

If you are not familiar with Microsoft Proxy Server 2.0, it has a
mode where only domain accounts can get through the proxy.
SYSTEM accounts are always forbidden from getting through the
proxy.

I need Kerberos tickets to pass out through the proxy. The only
way I can think to make that happen is for the Kerberos ticket
service to run as a domain account.

Is there any way to run the Kerberos ticket server under the
permissions of a specific domain user, or did Microsoft hack it
in such a way that it must always run as SYSTEM?

What is the purpose of the krbtgt account if it is always
disabled?

-- 
Will
Internet: westes at earthbroadcast.com

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:e8jGVXvSFHA.2128@TK2MSFTNGP14.phx.gbl...
> The krbtgt account is disabled by default and the system manages the
> password. You do not nor should not reconfigure that account. I am not sure
> exactly what you need to do but if it has to do with trusting user accounts
> for delegation see the links below.  --- Steve
>
> http://searchwindowssecurity.techtarget.com/generic/0,295582,sid45_gci1050149,00.html#Delegation
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod19.asp

