Are there any security advantages to using Kernel Keyring versus the default file based caches for Kerberos on Linux?
In a containerized environment, what would be the most appropriate way of configuring Kerberos caches?
Category Archives: kerberos
I am trying to configure SingleSignOn (Kerberos) and get 2 error messages in the log. Even google hasn’t heard of them
I am trying to activate SingleSignOn for a new browser-based application hosted on a server by us, which we implemented at work recently. The application works flawlessly, the only thing that doesn’t seem to work is the SingleSignOn servic… Continue reading I am trying to configure SingleSignOn (Kerberos) and get 2 error messages in the log. Even google hasn’t heard of them
How is the initial request made to the Access Server in Kerberos?
I’m trying to understand how Kerberos works, in particular how the initial client sends a request to the Access Server. Some YouTube videos I’ve seen say the initial request is partially encrypted using the client’s password. First, what i… Continue reading How is the initial request made to the Access Server in Kerberos?
How to gain code execution through access to CIFS service on Windows?
Is it possible to gain code execution on a machine through access to CIFS service? And if so, how? In my case, I have a valid Kerberos TGS to CIFS service running on a host and I am able to copy and download files. I want to get a shell au… Continue reading How to gain code execution through access to CIFS service on Windows?
How NTLM SSO is preformed on smartcard Kerberos logon?
I have been researching kerberos and ntlm for the last couple of days and still got one thing unresolved.
After an interactive logon with kerberos, you will have in the cached credentials both kerberos tickets and ntlm hashes. I figured wi… Continue reading How NTLM SSO is preformed on smartcard Kerberos logon?
What is a secure way to log onto the domain controller?
On a pentest we found that a kerberos ticket under account name administrator was cached on one of the SQL database servers, which allowed us to steal the ticket, pass-the-ticket and log onto the domain controller. The logon type was remot… Continue reading What is a secure way to log onto the domain controller?
Can a Kerberos application server offer to proxy connections to the KDC?
As I understand it, when a client wants to authenticate to an application server using Kerberos it must first request a service ticket from the KDC (and possibly a ticket-granting-ticket if it does not already have one). For scenarios wher… Continue reading Can a Kerberos application server offer to proxy connections to the KDC?
Why do administrators create passwords vulnerable to kerberoasting?
I was researching a kerberoasting attack on the Active Directory domain. To create the stand, I used a Domain Controller on Windows Server 2016 and one client machine on Windows 10. SQL Server was installed on the Domain Controller which w… Continue reading Why do administrators create passwords vulnerable to kerberoasting?
MIT Kerberos: getting keytabs onto hosts securely
When setting up a host (… or updating its keytab if it needs new entries), what’s the standard way to set up keytabs?
Looks like the MIT Kerberos docs themselves recommend using ktadmin on the host itself (… sadly, I can’t find the exa… Continue reading MIT Kerberos: getting keytabs onto hosts securely
Is the MIT implementation of Kerberos protocol as vulnerable as the one used by Microsoft?
I am doing some research for school about the Kerberos protocol and its vulnerabilities, especially the Pass the Ticket attack.
Related articles are always talking about Active Directory so I was wondering if the MIT version of Kerberos wa… Continue reading Is the MIT implementation of Kerberos protocol as vulnerable as the one used by Microsoft?