Leash Properties… Command, Ctrl+L

The Leash Properties dialog, located on the Options menu, allows you to configure operational properties specific to the Leash application which are not accessible directly via the Options menu.


Leash Properties

Here you can set a time server from which Leash will obtain the correct time.  Leash needs the correct time because of the time dependencies in Kerberos tickets.  When you specify a time server, Leash tries to get the time from that server when you next run the Synchronize Time command.  The default value for the time server is "time".  If access to a time server were to fail, Leash would notify you, and revert to the server "time".  Whichever server succeeds, Leash would tell you where it found the time.  See the Synchronize Time command for more information.

The Automatic MSLSA Ticket Importation radio buttons allow you to configure how Leash interacts with the Microsoft Kerberos Authentication Provider.  Leash will automatically import Kerberos Tickets from the Microsoft LSA at startup depending upon the selected option and whether or not the Kerberos Authentication Provider was used for Windows Logon authorization.  Never means do not import tickets from the MSLSA; Always means do import tickets from the MSLSA; and When MSLSA Principal matches Default Realm means import tickets from the MSLSA only if the Kerberos principal belongs to the Kerberos Realm specified within the Kerberos Properties Dialog.

When Request Kerberos 4 credentials is checked, Leash will attempt to retrieve Kerberos 4 credentials when ticket initialization, renewal, or importation is performed.  Leash will attempt a Kerberos 5 to Kerberos 4 conversion and if that fails an initial Kerberos 4 ticket request will be generated.  Kerberos realms are increasingly configured to support on Kerberos 5.  If the realms you use do not support Kerberos 4 it is suggested that this button be unchecked.

The Restore Leash Defaults button is used to restore user configurable Leash settings to the defaults as configured either by the local machine system administrator or by the Kerberos for Windows distribution.