Kerberos: kinit on Windows 8.1 leads to empty ticket cache

一个人的身影 2020-12-11 08:35

I installed Kerberos for Windows on a newly set-up Windows 8.1 machine.

  • Domain: not set
  • Workgroup: WORKGROUP

I edited the <

1 answer
  •  北海茫月
    2020-12-11 09:39

    The MIT Kerberos documentation states that...

    There are several kinds of credentials cache supported in the MIT Kerberos library. Not all are supported on every platform ...
    - FILE caches are the simplest and most portable. A simple flat file format is used to store one credential after another. This is the default...
    - API is only implemented on Windows. It communicates with a server process that holds the credentials in memory...

    The default credential cache name is determined by ...
    - The KRB5CCNAME environment variable...
    - The default_ccache_name profile variable in [libdefaults]
    - The hardcoded default, DEFCCNAME

    But AFAIK, on Windows the hard-coded default cache is API: and that's what you can manage with the UI. kinit also uses that protocol by default.

    I personally never could use klist to use that protocol, even with the "standard" syntax i.e. either
      klist -c API:
    or
      set KRB5CCNAME=API:
      klist

    On the other hand, if you point KRB5CCNAME to a FILE:***** then you can kinit then klist the ticket; but it will not show in the UI and will not be available to web browsers and the like.
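
An added example (not from the original answer and not MIT Kerberos code) that applies the lookup order quoted in the answer, to show which cache a process would resolve and whether kinit and klist end up on the same one. The profile text, path and function names are constructed for illustration; `API:` as the Windows hardcoded default is taken from the answer, and treating a one-letter prefix as a drive letter is an assumption of this example.

```python
import re

SAMPLE_PROFILE = """\
; constructed sample krb5.ini (path is made up)
[libdefaults]
    default_ccache_name = FILE:C:\\Temp\\krb5cc_demo
[domain_realm]
    .example.com = EXAMPLE.COM
"""

def libdefaults_value(profile_text, key):
    """Return the first value of `key` inside [libdefaults], or None."""
    section = None
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
        elif section == "libdefaults" and "=" in line:
            k, v = line.split("=", 1)
            if k.strip() == key:
                return v.strip()
    return None

def split_ccache(name):
    """Split 'TYPE:residual'; no prefix or a one-letter prefix (drive letter) means FILE."""
    prefix, sep, rest = name.partition(":")
    if not sep or (len(prefix) == 1 and prefix.isalpha()):
        return "FILE", name
    return prefix, rest

def resolve_ccache(env, profile_text, hardcoded="API:"):
    """Order from the docs: KRB5CCNAME, default_ccache_name, then DEFCCNAME."""
    for source, name in (
        ("KRB5CCNAME", env.get("KRB5CCNAME")),
        ("default_ccache_name", libdefaults_value(profile_text, "default_ccache_name")),
        ("DEFCCNAME", hardcoded),  # "API:" on Windows per the answer above
    ):
        if name:
            return (source,) + split_ccache(name)

def same_cache(env_a, env_b, profile_text):
    """True when two process environments (kinit's and klist's) resolve to one cache."""
    return resolve_ccache(env_a, profile_text)[1:] == resolve_ccache(env_b, profile_text)[1:]

if __name__ == "__main__":
    print(resolve_ccache({}, SAMPLE_PROFILE), same_cache({"KRB5CCNAME": "API:"}, {}, SAMPLE_PROFILE))
```

When the two environments differ in `KRB5CCNAME`, `same_cache` returns False, which is one way klist can show an empty cache after a successful kinit.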
