
ad-assurance - [AD-Assurance] RE: Questions for Microsoft?

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

  • From: Brian Arkills
  • Subject: [AD-Assurance] RE: Questions for Microsoft?
  • Date: Mon, 25 Mar 2013 02:27:52 +0000

 

 

From: [mailto:] On Behalf Of Capehart,Jeffrey D
Sent: Thursday, March 21, 2013 12:19 PM
To:
Subject: [AD-Assurance] Questions for Microsoft?

 

Is there a list of questions for Microsoft prepared yet?

 

Kerberos Authentication for Microsoft Active Directory

http://technet.microsoft.com/en-us/library/cc780469(v=ws.10).aspx

· Kerberos Authenticator Prevents Packet Replay

[BA] Windows domain controller issued Kerberos tickets can be subjected to man-in-the-middle replay attacks, unless you've deployed WS12 domain controllers and turned on the FAST feature, sometimes also called Kerberos armoring. Somewhere I've got a link that explains how to exploit this. And it should be easy enough to find the RFC and MS documentation that talks about this mitigating new feature/extension.



