Offline password attacks on AS-REQ
peter huang
peter.huang at hp.com
Thu Jun 16 15:48:16 EDT 2005
brian.joh at comcast.net wrote:
> Tunneling sounds like the best option.
>
> We have over 500 Windows 2000 and Windows 2003 domain
> controllers (KDCs in Active Directory), that we don't want to have
> to modify or install new software on. These domain controllers
> (KDCs) do have SSL properly configured, so I suppose, we could
> tunnel the AS-REQ and AS-REP inside of SSL. I'll try this unless
> anyone knows of a better way, keeping in mind no major changes
> can be made to these Domain Controllers.
>
> Thanks!
>
so how would one change the KDC to support SSL? the current kinit
process only talk to udp/tcp 88, is there other proposals to do kinit?
-peter
More information about the Kerberos
mailing list