Skip to Content

Category Archives: 1047

Kerberos and non-standard port number

Written on December 20, 2009 at 11:52 am, by

Kerberos in Windows Operating System is around for about 10 years and it is still causing problems and for many people it is like black magic voodoo. In most cases organizations and people in it are not aware that it is now working until it problem will occur on a surface with some application not […]

userPassword

Written on November 22, 2009 at 1:59 pm, by

One of my friends PFE has asked me a question regarding userPassword attribute in directory which was related to some behavior he was observing in customer environment. We had a little chat about it and then I thought that maybe other has such questions as well so … here’s a topic for a blog.  Behavior […]

Where to put SSL certificate for LDAP …

Written on June 17, 2009 at 12:06 pm, by

Protecting LDAP traffic with SSL is a good idea, especially if in network environment some applications are (ab)using LDAP as authentication protocol. Some explanation of abusing word – LDAP never was designed as authentication protocol (like Kerberos is). Its name states it clear “DIRECTORY ACCESS PROTOCOL”. However because it is simple to use and effective […]

Critical vuln in MIT Kerberos implementation

Written on March 24, 2008 at 12:38 pm, by

This isn’t something which is in line with my day to day work, however this is something which may affect many organizations so I’ve decided to add my blog to list of sties which will duplicate this information. Secunia has reported critical vulnerability in MIT Kerberos implementation which can result in remote code execution, DoS […]

Fix for DNS RPC management interface security problem

Written on May 8, 2007 at 1:03 pm, by

Some time ago I wrote about a serious problem which is affecting DNS service, to be more specific management interface available through RPC. As DNS is one of heavily used service in Active Directory networks this is real problem. With this month’s security patches we can get fix for this problem described in MS07-029 security […]

DNS server security problem

Written on April 16, 2007 at 1:36 pm, by

Most of you have probably read new (published few days ago) security advisory with number 935964 published by Microsoft. For those who haven’t read it I think it is worth to take a look as this is about security problem in DNS service, which is quite common in Microsoft directory services world. Flaw in this […]

BitLocker(ed)

Written on February 20, 2007 at 1:17 pm, by

Are You using some methods of securing data on Yours laptop hard drive? EFS anyone? I’m curious how many of readers are using TrueCrypt? Until today I’ve used TrueCrypt as  a solution for secure file storing on my laptop machine. TrueCrypt is really cool tool. It gives You good usability, strong encryption and ability to […]

ILM, the story continues

Written on February 7, 2007 at 6:39 am, by

Just quick info – Microsoft have announced Identity Lifecycle Manager products line. Basically now we have a road map for next generation of IdM software. I’m now on conference in Seattle were we are talking a lot about it and I will post some more information after I will get back home.For now we have […]

Schema extensions for Vista new features

Written on December 4, 2006 at 1:58 pm, by

Vista introduces several new functionality and few of then (to be specific two) requires our AD environment to get prepared through schema extension. These schema extension needed to run new Vista's features will be part of LH schema, but LH is still somewhere behind the horizon and we have to take care about it by […]

Office 2007 ADM templates

Written on November 11, 2006 at 6:56 am, by

Microsoft has published on Downloads Office 2007 ADM templates for downloads. As Office 2007 will be launched soon and may start to show up in our networks maybe it is worth to take a look at ADM possibilities before this will happen.