Re: active directory - kerberos realms

From: Mike Kline (mkline_at_gmail.com)
Date: 05/15/04 

Date: 14 May 2004 22:04:55 -0700

Barbara,
Take a look at this paper from the guys at SANS. The details are in the paper.

http://www.giac.org/practical/GSEC/Barton_Jokinen_GSEC.pdf

Thanks
Mike

barabba72@hotmail.com (barabba) wrote in message news:<8ec33ba5.0405141452.22b22762@posting.google.com>...
> Hi all,
>
> we all know that Active Directory uses Kerberos for a number of
> things.
> We also all know that all Domain Controllers run Kerberos by default.
>
> However, I read in a MS book that it is possible to use third pary
> Kerberos service instead of the native Kerberos supplied by DCs.
> Is this true ?
> Does anybody have any more details about this ?
>
> Thanks,
> Bar

Relevant Pages

  • Microsoft Active Directory security vulnerability
    ... Kerberos V (for information on Kerberos interoperability see ... return results from the Active Directory. ... My guess is that Microsoft does not check for a zero value ... nor did I test it with simple authentication. ...
    (Bugtraq)
  • Re: Windows 2008 Trust To MIT Kerberos Server
    ... What method did you use to point your client to the MIT realm? ... However my point is that there is no traffic happening between my Active Directory Server and the MIT Kerberos Server. ... I can connect between the AD and MIT Kerberos server using other protocols like RDP and SSH as well as ping both directions but Windows is never requesting a TGT from the MIT Kerberos Server. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows 2008 Trust To MIT Kerberos Server
    ... Windows then obtains a service ticket from the MIT realm with the forwarded and forwardable flags set ... With that TGT from the MIT realm, Windows is now able to obtain an LDAP service ticket from Active Directory ... I'm not a Kerberos expert like some, but I'm fairly sure this is a pretty accurate representation of how this process works. ... I have setup a trust between an Active Directory Domain and a MIT Kerberos Domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Kerberos and Group membership
    ... Has anyone used Kerberos in Windows 2000\2003 server environment? ... "Active Directory" is basically a KDC and an LDAP server. ... doing Kerberos authentication to W2K or Windows 2003? ...
    (comp.protocols.kerberos)
  • Using kerberos w/o binding to active directory
    ... I have a file server on the campus active directory that contains the ... not using Kerberos for authentication. ... AD also uses Kerberos for authentication: ... Successful Network Logon: ...
    (microsoft.public.win2000.active_directory)
Loading