Dustin Heywood

That should work out well, as long as I can map specific openid connect users to internal users in hashtopolis im happy, that can even be a manual binding step...

The extraction works but it’s not in a format hashcat can process if there’s a domain SPN, whenever you try to crack them with hashcat it will throw a length...

This PR will not handle it, some of our tools require raw access key and secrets. Specifically penetration testing tools that would not be able to use an AWS proxy....

If it helps we are an enterprise support customer

Alternatively a method to exchange the x509 for AWS API Credentials for certain legacy tools would be handy.

That would be awesome On Thu., Mar. 17, 2022, 2:59 a.m. Dan Meyers, ***@***.***> wrote: > Yeah, in that way it would work similarly to aws-vault > , but getting...

You can also request a certificate enrollment agent certificate and then direct request a certificate on behalf of any other user which can pkinit