
Allow Kerberos Authentication

Open CSimpiFoN opened this issue 4 years ago • 2 comments

The NTLM authentication method is not secure anymore; Microsoft disables it by a security update. Is there any chance the application can support Kerberos instead of NTLM?

https://msrc.microsoft.com/update-guide/vulnerability/ADV210003

Aug 06 '21 11:08 CSimpiFoN

NTLM, like many other authentication systems, is often susceptible to information disclosure or replay attacks. This is not new information. Choosing one authentication system over another is not a substitute for appropriate hardening of your systems. Mitigation details can be found in the following KB linked from the page you provided: https://support.microsoft.com/en-gb/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429

That said, I'm a fan of Kerberos and I'll look into integrating it. Thanks for the suggestion.

Aug 09 '21 12:08 jimmypw

Thanks for the update! The security decisions within the company are not made by me, and I'm not the one who manages the AD CA. I just need to live with it as a DevOps engineer who does not want to generate SSL certificates manually. I appreciate your hard work and dedication to support this project!

Aug 10 '21 08:08 CSimpiFoN