kerberos – Page 15 – WindowsTechs.com

Can an MIT Kerberos be configured to trust AD while still having its own realm and resources?

Posted on June 9, 2017 by PerennialN00b

Can Kerberos be setup in a *nix environment such that authentication happens against an LDAP store other than AD but still trust the AD domain? Use case is that we have AD in use, there’s no Kerberos for *nix, we don’t want t… Continue reading Can an MIT Kerberos be configured to trust AD while still having its own realm and resources?→

Kernels authentication question

Posted on May 26, 2017 by Abbas

I was reading about kerberos authentication and how the password is not transferred on the wire but it exist in the kdc database to encrypt decrypt msgs and only tickets are transferred after validation
I wonder when the user… Continue reading Kernels authentication question→

Kerberos IIS Authentication over HTTP

Posted on April 19, 2017 by Nash Rajao

I’ve reviewed the RFCs and am pretty familiar with Kerberos.

It seems to me that over a non-encrypted link (HTTP), Kerberos doesn’t leak the user’s password (or hash based challenge/response like NTLMv1/v2) and/or is suscept… Continue reading Kerberos IIS Authentication over HTTP→

PowerMemory – Exploit Windows Credentials In Memory

Posted on April 7, 2017 by Darknet

PowerMemory is a PowerShell based tool to exploit Windows credentials present in files and memory, it levers Microsoft signed binaries to hack Windows. The method is totally new. It proves that it can be extremely easy to get credentials or any other i… Continue reading PowerMemory – Exploit Windows Credentials In Memory→

In the Kerberos protocol, what prevents clients from decrypting a service’s secret key?

Posted on March 30, 2017 by Barry Rosenberg

I’m studying the Kerberos protocol at a high level of abstraction. As I understand it- when a client wants to request a service, it first receives two messages from the TGS.

A: encrypted with the TGS/service long-term share… Continue reading In the Kerberos protocol, what prevents clients from decrypting a service’s secret key?→

Securing infrastructure with IMAP, SMTP, GSSAPI, OTP, FreeIPA

Posted on March 24, 2017 by Brian Topping

I am looking to finish a relatively secure infrastructure using only OSS tools. On the Linux side, I have the very capable RedHat IPA that provides Kerberos and manages host and service registrations. On the client side, ther… Continue reading Securing infrastructure with IMAP, SMTP, GSSAPI, OTP, FreeIPA→

Make pam_krb5 module optional for account activity

Posted on February 28, 2017 by Pranav

krb5 pam-config file is as follows:

# cat /usr/share/pam-configs/krb5
Name: Kerberos authentication
Default: yes
Priority: 704
Conflicts: krb5-openafs
Auth-Type: Primary
Auth:
[success=end default=ignore] pam_krb5… Continue reading Make pam_krb5 module optional for account activity→

Does Kerberos support vendor specific attributes?

Posted on February 16, 2017 by Jaris Detroye

As the question title says: Does Kerberos support vendor specific attributes allowing access segmentation within a given client device?

Continue reading Does Kerberos support vendor specific attributes?→

TOMCAT : SPNEGO CONFIGURATION ERROR [migrated]

Posted on January 20, 2017 by Ivan YC

I have troubles with SPNEGO TOMCAT 7 configuration: I follow this guide for setup:

spnego-tomcat-config

Here is my krb5.conf

[libdefaults]
default_realm=lctr.corp
default_keytab_name=”C:/tomcat/conf/tomcat.keytab”
default_… Continue reading TOMCAT : SPNEGO CONFIGURATION ERROR [migrated]→

Secure Authentication options for NFS

Posted on January 11, 2017 by Saqib Ali

Are there any Secure Authentication for NFS other than Kerberos?

Continue reading Secure Authentication options for NFS→