client impersonation

Andrew Bartlett abartlet at samba.org
Thu Jun 1 03:50:43 GMT 2006


On Wed, 2006-05-31 at 20:25 -0700, Murali Bashyam wrote:
> Is this doable for NTLM? For Kerberos with delegation, I understand
> this is feasible.

As I have discussed on this list recently, a man-in-the-middle attack is
possible, but the Samba4 code doesn't support this yet.

I think there is a way with AD's Kerberos to, for a suitably very
privileged account, get a ticket for another user.  Look into delegation
and related issues on Microsoft's site.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net