I wonder how many people are going to run into issues on October 10th related to CVE-2022-37967 and patch #KB5020805

That's when the KrbtgtFullPacSignature Audit gets removed and the setting locks to Enforced.

https://ioc.exchange/@miketheitguy/109337062909975918

#CVE #Windows #WindowsServer #Infotech #InfoSec #SysAdmin #Kerberos #ActiveDirectory

#Kerberos clients allow IPv4 and IPv6 address hostnames in Service Principal Names (SPNs)

Beginning with Windows 10 version 1507 and Windows Server 2016, Kerberos clients can be configured to support IPv4 and IPv6 hostnames in SPNs.

https://learn.microsoft.com/en-us/windows-server/security/kerberos/configuring-kerberos-over-ip

#SPN #ActiveDirectory #WindowsServer #SysAdmin

#UAC Bypass By Abusing #Kerberos Tickets https://github.com/wh0amitz/KRBUACBypass

#PostgreSQL and #Kerberos, Tue, Jul 25, 2023, 6:00 PM | Meetup https://www.meetup.com/postgrescmh/events/294627025/

So, you think you’re ready for enforcing AES for #Kerberos? https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/so-you-think-you-re-ready-for-enforcing-aes-for-kerberos/ba-p/3858273

I think if I was in a band I'd name it kerberos. Then I'd sell Kerberos tickets to my shows.

#kerberos #it #funny

Does anyone know a windows GUI git client that will use the logged in user’s KRB ticket with ssh to push/pull/etc to/from a remote Linux box? The remote Linux box is using sssd and joined to the domain and works fine. I setup a Linux client already that can kinit and has an ssh config with gssapi and it has passwordless access to the remote Linux box. This only took about 10 minutes or so to setup/test. I have no experience doing this on windows.
#git #linux #ssh #gssapi #kerberos #krb

@lewdthewides Yeah... with #sftp servers supporting #LDAP + #Kerberos and #Wormhole existing, I just can't find myself being particularly sympathetic to them.

There was absolutely no reason to use some #proprietary service for it.

Kerberos - Basic Workstation Authentication on ubuntu 22.04 #login #kerberos

https://askubuntu.com/q/1470724/612

When using Windows authentication for a connection to a Microsoft SQL Server, Kerberos is the first choice.
To learn how to test the use of Kerberos and what configuration we recommend for the SQL Server service account, see my recent blog post on blog.ordix.de:
https://blog.ordix.de/sql-server-and-kerberos-eng
#kerberos #sqlserver

The #debian #bookwork tentative release date is the 10th of June. So I began the very first one of the future upgrades on a bare metal box here, to see if most of the packages involved in our network will go smoothly or not. #Kerberos debconf asked to renew the hostnames of the controllers. WTF? 🤔

My #introduction (since I changed instance):

I am a Norwegian IT-engineer at the University of #Oslo. Originally from #Brazil, I moved to #Norway in 2011.

I work mostly with VMware stuff, but also spend most part of my days configuring #linux images for VDI's, #Nextcloud, #Kerberos, #FreeIPA, #keycloak, etc.

I love #running, #sourdough baking and became #vegan in Feb 2022. I have #glaucoma.

I started https://mastodon.babb.no for friends and colleagues.

Currently doing a deep dive on the various methods of service-to-service authentication that is not simply a shared secret.

While reading up on #kerberos, I stumbled over "Why is Kerberos terrible? (It's really not)" by @SteveSyfuhs

I would recommend anyone interested in authentication to take a peek at this. It is jam-packed with great information. :blobfoxread:

https://syfuhs.net/2018/12/31/why-is-kerberos-terrible/

And thank you Steve for the amazing write up! :blobfoxheartcute:

I need to work on an updated guide on making #OpenBSD a #Kerberos and #LDAP client. I had something up on an old version of my blog years ago, and it hasn't changed, but I think I could rewrite it to be more clear.

It's not obvious how to get it going, but it's not too bad.

Hyvää kansainvälistä aseksuaalisuuden päivää! ✨

Sitä toivotan Kerberos-säeromaanini merkeissä, sillä kirjan päähenkilö Tuukka on todennut olevansa osa tätä moninaista porukkaa. Läheisyys ja rakkaus kiinnostavat häntä, seksi ei.

Lisätietoa päivästä:

https://internationalasexualityday.org/en/

#internationalasexualday #aseksuaalisuus #kerberos #kirjamastodon #lukeminen

New in #Metasploit: SugarCRM #RCE, login scanner and credential gatherer for Wowza Streaming Engine Manager, and three new methods for #PetitPotam.

Plus, admin/kerberos/forge_ticket now supports a new extra_sids option — which is useful for including cross-domain SIDs for forging external #Kerberos trust tickets as part of cross-trust domain escalation. The admin/kerberos/inspect_ticket has also been updated to support viewing these extra SID values.

More Kerberos and secrets dumping improvements in this week's wrap-up!

https://www.rapid7.com/blog/post/2023/03/10/metasploit-weekly-wrap-up-196/

Next up in our #EverythingOpen Speaker Spotlight, we have Fraser Tweedale @hackuador talking #cryptography and #PKI, demonstrating #Kerberos #PKINIT as a password replacement:

https://2023.everythingopen.au/schedule/presentation/43/

Kerberized NFS mounts stopped working with Ubuntu 21.10 (still in 22.10) #networking #server #mount #nfs #kerberos

https://askubuntu.com/q/1457852/612

The new #MDI alert type "Suspicious certificate usage over #Kerberos protocol (#PKINIT)" detects misuse of certificates in your #AD environment.

For additional information check out the release blog

#ADCS #Security

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-identity-now-detects-suspicious/ba-p/3743335

For anyone messing around with this, I haven't worked with #FreeIPA (nothing to do with beer), but it looks like a good solution for single sign-on things. It basically integrates #LDAP and #Kerberos, with a nice web interface. That said, while those two things are kind of a pain, I think there's some value in looking at how they work in a little more depth. Not to mention how Linux and other systems do authentication.