Skip to Content.
Sympa Menu

ad-assurance - [AD-Assurance] RE: Questions for Microsoft?

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

[AD-Assurance] RE: Questions for Microsoft?

Chronological Thread 
  • From: Brian Arkills <>
  • To: "" <>
  • Subject: [AD-Assurance] RE: Questions for Microsoft?
  • Date: Mon, 25 Mar 2013 02:27:52 +0000
  • Accept-language: en-US
  • Authentication-results:; dkim=neutral (message not signed) header.i=none



From: [mailto:] On Behalf Of Capehart,Jeffrey D
Sent: Thursday, March 21, 2013 12:19 PM
Subject: [AD-Assurance] Questions for Microsoft?


Is there a list of questions for Microsoft prepared yet?


Kerberos Authentication for Microsoft Active Directory

·         Kerberos Authenticator Prevents Packet Replay

[BA] Windows domain controller issued Kerberos tickets can be subjected to man-in-the-middle replay attacks, unless you've deployed WS12 domain controllers and turned on the FAST feature, sometimes also called Kerberos armoring. Somewhere I've got a link that explains how to exploit this. And it should be easy enough to find the RFC and MS documentation that talks about this mitigating new feature/extension.

Archive powered by MHonArc 2.6.16.

Top of Page