Kerberos in Windows Operating System is around for about 10 years and it is still causing problems and for many people it is like black magic voodoo. In most cases organizations and people in it are not aware that it is now working until it problem will occur on a surface with some application not … Continue reading "Kerberos and non-standard port number"
One of my friends PFE has asked me a question regarding userPassword attribute in directory which was related to some behavior he was observing in customer environment. We had a little chat about it and then I thought that maybe other has such questions as well so … here’s a topic for a blog. Behavior … Continue reading "userPassword"
Protecting LDAP traffic with SSL is a good idea, especially if in network environment some applications are (ab)using LDAP as authentication protocol. Some explanation of abusing word – LDAP never was designed as authentication protocol (like Kerberos is). Its name states it clear “DIRECTORY ACCESS PROTOCOL”. However because it is simple to use and effective … Continue reading "Where to put SSL certificate for LDAP …"
This isn't something which is in line with my day to day work, however this is something which may affect many organizations so I've decided to add my blog to list of sties which will duplicate this information. Secunia has reported critical vulnerability in MIT Kerberos implementation which can result in remote code execution, DoS … Continue reading "Critical vuln in MIT Kerberos implementation"
Some time ago I wrote about a serious problem which is affecting DNS service, to be more specific management interface available through RPC. As DNS is one of heavily used service in Active Directory networks this is real problem. With this month's security patches we can get fix for this problem described in MS07-029 security … Continue reading "Fix for DNS RPC management interface security problem"
Most of you have probably read new (published few days ago) security advisory with number 935964 published by Microsoft. For those who haven't read it I think it is worth to take a look as this is about security problem in DNS service, which is quite common in Microsoft directory services world. Flaw in this … Continue reading "DNS server security problem"
Are You using some methods of securing data on Yours laptop hard drive? EFS anyone? I'm curious how many of readers are using TrueCrypt? Until today I've used TrueCrypt as a solution for secure file storing on my laptop machine. TrueCrypt is really cool tool. It gives You good usability, strong encryption and ability to … Continue reading "BitLocker(ed)"
Just quick info – Microsoft have announced Identity Lifecycle Manager products line. Basically now we have a road map for next generation of IdM software. I'm now on conference in Seattle were we are talking a lot about it and I will post some more information after I will get back home.For now we have … Continue reading "ILM, the story continues"
Vista introduces several new functionality and few of then (to be specific two) requires our AD environment to get prepared through schema extension. These schema extension needed to run new Vista's features will be part of LH schema, but LH is still somewhere behind the horizon and we have to take care about it by … Continue reading "Schema extensions for Vista new features"
Microsoft has published on Downloads Office 2007 ADM templates for downloads. As Office 2007 will be launched soon and may start to show up in our networks maybe it is worth to take a look at ADM possibilities before this will happen.