Is kerberos unconstrained delegation partially safer than constrained delegation?

When you’re using unconstrained delegation, a service A is allowed to authenticate as the user B to any other service. This happens because the user B sends its TGS along with its TGT to the service A, and service A can then request other … Continue reading Is kerberos unconstrained delegation partially safer than constrained delegation?

Manually creating computer account and SPN’s in Kerberos (krb5) keytab file for Window Active Directory domain

Lots of articles on the net describes how you can join a Linux box to a Windows Active Directory domain, some using “realmd”, some using samba and so forth. Others describe how you can do things manually without using realm join or net ads… Continue reading Manually creating computer account and SPN’s in Kerberos (krb5) keytab file for Window Active Directory domain

Does Kerberos authentication handle DNS names the same way between Windows 7 and Windows 10?

Recently, we migrated from Windows 7 to Windows 10 and during that migration, we progressively ran into some issues with our NAS device. To be more precise, we progressively noticed some tcp socket flooding on it while client… Continue reading Does Kerberos authentication handle DNS names the same way between Windows 7 and Windows 10?