On Thu, 2012-02-16 at 16:20 +0100, Ondrej Valousek wrote:
>
> > Also FWIW Windows also does not store the password for renewals, as
> > renewals do not need a password. Windows will simply obtain a new ticket
> > every time you unlock the screen (just like we do), and has default
> > renewal times of a week or so (defaults depend on AD version and/or
> > domain policies).
> > (Windows does cache the NT hash in most cases, but that's due to NTLM
> > support, not really Kerberos related)
> >
> > Simo.
> >
> Ok, so if it weren't for the NTLM backward compatibility (which can be
> possibly blocked on DC), tools like this:
> http://pentestmonkey.net/blog/mimikatz-tool-to-recover-cleartext-passwords-from-lsass

Ouch!

> would never work. Right?

I have no idea, I guess you need to ask Microsoft about that :)

> Sorry for drifting away from the original topic a bit....
>

Yes :)

Simo.

--
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
sssd-devel mailing list
https://fedorahosted.org/mailman/listinfo/sssd-devel
