Video of my Kawaiicon talk: The "Dollar Ticket Attack" on AD and Linux Kerberos clients

Andrew Bartlett abartlet at
Sat Jul 9 02:46:31 EDT 2022

I was going to wait until a per-talk video was hosted by the organisers
of the conference, but in the meantime this link into the live stream

I'm sharing this as I wanted to share the video as folks have been

It would be great if the Linux side could become harder to exploit at
some point. I have some suggestions at the end of the talk, and Sumit
has had some suggestions around disabling an 'a2ln' plugin.

It would be good if someone could write up some good guidance for users
on how best to defend against it on the Linux side, both with a 'simple
keytab on server', or 'samba publishing keytab' or other similar

I also tell the tale of how I broke into Windows AD last November,
similar to but more punchy than SambaXP talk, which I think was pretty

Anyway, enjoy and be worried!

Andrew Bartlett

Andrew Bartlett (he/him)
Samba Team Member (since 2001)
Samba Developer, Catalyst IT
