On Sun, Mar 21, 2021 at 4:24 PM Spike White wrote:
> If we limit our KRB5 encryption algorithms to only strong cyphers
> (AES128 and AES256), would that thwart the above SSSD attack?
No.
The fundamental issue is this: if an attacker has compromised a Linux
host, then the attacker has access to
Hello,
I'm currently using an older version of SSSD 1.13 on Centos 6, we are
migrating to Centos 7, and I was thinking of enabling dynamic DNS update.
My problem is our servers do have multiple NIC from 1 to 6.
Is there an article somewhere explaining how SSSD works with multiple NIC ?
Since I w
Pawel,
Thank you for the detailed explanation. I know for the "Kerb-roasting"
hacking technique, if you avoid the weak KRB5 ciphers (3des-cbc,
arcfour-hmac), that thwarts this attack.
If we limit our KRB5 encryption algorithms to only strong cyphers (AES128
and AES256), would that thwart the