Hello Benjamin, thank you very much for great help! Today I got running SAP SSO for W2k3 too!
> I would recommend making the API: cache the default and having SAP use > that, if there is no external need for using the LSA cache. Getting > things working properly with the LSA cache can be very frustrating, and > the API: cache should be much simpler to set up. Thats what I did! Switched from MSLSA to MIT ccache AND using gssap32.dll from MIT! The following and my wrong post in the other thread gave me the enlightened hint! > When using the KfW 4.0.x gssapi32.dll, there should not be a need to > already have a TGT -- I believe the library can launch MIT Kerberos.exe > and pop up a "Get Ticket" window. Yes, that works all as described (but only with the MIT gssapi32.dll ;-)! Problem was only the weak encryption (single-des) derived from former XP clients in our AD-Domain (arrg) I configured this in krb5.ini (allow_weak_crypto = true) and every thing was working! Thanks a lot, Regards Meike! ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos