I updated the guide at https://discourse.ubuntu.com/t/service-
sssd/11579/ with a section on KDC spoofing, please take a look.
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to sssd in Ubuntu.
https://bugs.launchpad.net/bugs/176
Title:
Hi Andrew, I'm back on this bug since I'm updating the server guide for
the 20.04 release.
Again I didn't add krb5_validate to the guide, mostly because I had
forgotten about this bug here. The new guide is at
https://discourse.ubuntu.com/t/service-sssd/11579
Let me see if I got the attack scenar
** Changed in: serverguide
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: serverguide
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to sssd in Ubuntu.
https://bugs.launchpad
Any idea why upstream sets krb5_validate to false by default? I presume
because this would require the extra step of creating a service ticket
for the host where the login happened, if I understood it correctly?
--
You received this bug notification because you are a member of Ubuntu
Server, whic
And, is sssd's krb5_validate option overriding krb5 library's
verify_ap_req_nofail?
If this flag is true, then an attempt to verify initial credentials will
fail if the client machine does not have a keytab. The default value is
false.
--
You received this bug notification because you are a mem
