The KFW CCAPI RPC implementation is incompatible with Vista User Account Control. The initial ccache server is started using the credentials of the logon account. An account that is a member of the Administrators Group when UAC is active will start off with restricted access. Tickets acquired by KFW in this state will be stored in a ccache server that is running with restricted privileges.
When the user elevates a process it will no longer be able to communicate with the ccache server. This results in the following negative user experience. The user elevates a process that requires Kerberos credentials. The krb5 library cannot find any valid credential cache and prompts the user to obtain a TGT. The user obtains the TGT and is then prompted again because the application seeking the credentials still cannot read them. The user looks at a credential manager, sees valid tickets, and gets frustrated.