Hello Everyone,
Please someone help me with the following queries:
1. If AS_REQ has PADATA, then irrespective of whether preauth is enabled or disabled for that user on MS KDC, does it still validate preauth PADATA?
In my scenario I am getting PREAUTH_FAILED irrespective of whether preauth is enabled/disabled for that user in AD.
Is PREAUTH PADATA always processed if it exists in AS-REQ?
2. Do we always get a new ticket in response to each AS-REQ for a particular user even though his previous TGT isn't yet expired? Is any step here bypassed, or is the flow the same as the first time?
3. For a user in AD, when we click the checkbox in the properties of this user's AD account to use DES key for kerb, does that mean only DES or DES cum others?
4. In Win2008R2, I see a registry setting that says use FIPS approved algorithm for better security. When I enable this, rc4-hmac for kerb still works... Does FIPS system-level compliance on this Win2008R2 not apply to the KDC?
Thanks
Regards, Varun