Offline password attacks on AS-REQ
brian.joh@comcast.net
brian.joh at comcast.net
Thu Jun 16 11:23:23 EDT 2005
Tunneling sounds like the best option.
We have over 500 Windows 2000 and Windows 2003 domain
controllers (KDCs in Active Directory), that we don't want to have
to modify or install new software on. These domain controllers
(KDCs) do have SSL properly configured, so I suppose, we could
tunnel the AS-REQ and AS-REP inside of SSL. I'll try this unless
anyone knows of a better way, keeping in mind no major changes
can be made to these Domain Controllers.
Thanks!
More information about the Kerberos
mailing list