[24101] in Kerberos
Re: Offline password attacks on AS-REQ
daemon@ATHENA.MIT.EDU (peter huang)
Thu Jun 16 15:58:07 2005
From: peter huang <peter.huang@hp.com>
Message-ID: <4Ikse.7224$yt.6058@news.cpqcorp.net>
Date: Thu, 16 Jun 2005 19:48:16 GMT
To: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
brian.joh@comcast.net wrote:
> Tunneling sounds like the best option.
>
> We have over 500 Windows 2000 and Windows 2003 domain
> controllers (KDCs in Active Directory), that we don't want to have
> to modify or install new software on. These domain controllers
> (KDCs) do have SSL properly configured, so I suppose, we could
> tunnel the AS-REQ and AS-REP inside of SSL. I'll try this unless
> anyone knows of a better way, keeping in mind no major changes
> can be made to these Domain Controllers.
>
> Thanks!
>
so how would one change the KDC to support SSL? the current kinit
process only talk to udp/tcp 88, is there other proposals to do kinit?
-peter
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
