Kerberos features talk at sambaxp
Isaac Boukris
iboukris at gmail.com
Wed May 27 21:16:08 UTC 2020
On Wed, May 27, 2020 at 9:20 PM Stefan Metzmacher <metze at samba.org> wrote:
>
> StefanMetzmacher_sambaxp2020_Modern_Kerberos-rev0-compact.pdf
> can be found under:
> > https://www.samba.org/~metze/presentations/2020/SambaXP/
Excellent, thanks!
As a feature, I think RBCD will also be quite useful in samba deployments.
> Also checkout the latest wireshark!
> > I don't recall a problem with the enterprise principals in old
> > S4U2Self padata, but I mostly test MIT client, I'll give it a try.
>
> I'm also not 100% sure, but I thought you told me about it:-)
Maybe it was something else, I'll make a python test and try it
against windows :)
> I think the difference is also the client principal in the referral
> tickets on the way back.
Hmm, the PAC in the referral will be signed with user at dom@REALM, but
that doesn't depend on the padata type that was used.
> Isn't that what 'net ads kerberos pac dump' already does?
We should have an enterprise flag for net-ads-kerberos-pac-dump, I
think I have a patch for it somewhere.
More information about the samba-technical
mailing list