Windows auth + roaming profile + cached login = no more passwords :-(

  • Steven

    Steven - 2012-12-01

    Hi everyone,

    I'm beginning to think (after reading other posts) that the Windows Auth feature should be removed entirely because I've found another way to lose access to your password database.

    Let me start by saying that I was very careful to observe all the many "gotchas" with using this feature. I'm on nothing but Windows7/2008 systems (one at a time), using only roaming profiles, using only the proper windows tools and no password resets.

    The new one here is creating a database with Windows Auth while using cached domain credentials (logging in while away from the domain). User account is the same, password has not changed, all I did is reconnect to the domain and poof "invalid composite key". All I can say is WTF!

    All the MS software using DPAPI was unaffected, my profile synced back without errors, after-all nothing has really changed, I was offline and now I'm back online. Same PC, same account, same domain, same everything. The gap was about 7 months cached from the domain until I came back online. The DC was powered down for this whole time.

    So first question - any ideas what happened? I'm not a DPAPI expert, but I am pretty well versed on AD and its security mechanisms and really nothing has changed here but yet no access to my kbdx.

    Second question - any hope to get access? There's no previous version backups here to speak of since, well, nothing changed! :-)

    Third question - given the plethora of reasons why Windows Auth breaks, any votes for removing this feature to prevent future users from losing databases? I'd be all for it if it was as reliable as say the IE stored passwords, or Outlook stored credentials... but clearly it's not (at least in its current form).


  • Paul

    Paul - 2012-12-05

    Have you tried the recovery steps?

    cheers, Paul


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks