Re: kerberos!

From: Steve Light (slight_at_MICROSOFT.COM)
Date: 09/07/04

  • Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: XP2 update bypasses proxy setting" 
    Date:         Tue, 7 Sep 2004 16:14:08 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    When connecting between two clients Kerberos is the initial
    authentication package used. Since the KDC will return an "Account not
    in database error" you'll fail over to NTLM. Then you get in because you
    have the same username/password.

    -----Original Message-----
    From: Windows NTBugtraq Mailing List
    [mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM] On Behalf Of Besirevic, Nesha
    Sent: Thursday, September 02, 2004 10:25
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: kerberos!

    Hi,

     Another joke from MS....

     Scenario:

     Two ADs (SBS 2003 - win2003 native mode and 2003 AD - win2000 native
    mode, no trust btw, they are simply using sam IP addresses range)

     Administrator account has same password on both ADs.

     Without any additional authentication you can easily map Admin Share
    (C$ for example) from one AD DC to another being logged on as
    Administrator.

     I thought we passed this kind of traps with KERBEROS!!!!

     Can anybody confirm this!!!!

     Thanks in advance

    Nesha Besirevic
    Technical Consultant\iScalaCRM
     <http://www.epicor.com/> www.epicor.com
    Tel.: +361 452-7689
    Cell: +3630 996-3238
    Fax: +361 452-7501
    E-Mail: nbesirevic@epicor.com <mailto:nbesirevic@epicor.com>
    <file:///C:/Documents%20and%20Settings/Nesha.Besirevic/Local%20Settings/
    Temp
    /(EmptyReference!)>

    This e-mail is for the use of the intended recipient(s) only. If you
    have received this e-mail in error, please notify the sender immediately
    and then delete it. If you are not the intended recipient, you must not
    use, disclose or distribute this e-mail without the author's prior
    permission. We have taken precautions to minimize the risk of
    transmitting software viruses, but we advise you to carry out your own
    virus checks on any attachment to this message. We cannot accept
    liability for any loss or damage caused by software viruses.

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is
    configured such that just hitting reply is going to result in the
    message coming to the list, not to the individual who sent the message.
    This was done to help reduce the number of Out of Office messages
    posters received. So if you want to send a reply just to the poster,
    you'll have to copy their email address out of the message and place it
    in your TO: field.
    -----

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    -----

  • Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: XP2 update bypasses proxy setting"