[Samba] Resetting the krbtgt account password

cn at brain-biotech.de cn at brain-biotech.de
Tue Jan 26 06:55:29 UTC 2021

Hello you all,
I was thinking about disaster recovery when this question came up. If 
your AD would be compromised by an attacker which made himself a golden 
ticket. Would the change of the password of the krbtgt account lock him out?

I am looking at this:


So I think this will help lockout any attacker who has a "normal" user 
ticket. But will this also be true for a golden ticket?



Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender), 
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen

More information about the samba mailing list