Comments (4)
ryanries
commented on June 27, 2024
I got it.
from passfiltex.
solardiz
commented on June 27, 2024
Did one of you happen to capture what kind of passwords are actually passed into the filter for the krbtgt account? What length, character set? Do they literally mean "random bits", so including non-printable characters and maybe even NULs? I wasn't able to find reliable info on this yet.
It might be possible and preferable to address the issue by allowing any sufficiently random-looking strings rather than allowing any password for krbtgt.
CC: @rgarrigues from #18
from passfiltex.
ryanries
commented on June 27, 2024
@solardiz I don't recall off the top of my head without looking it up, exactly how the krbtgt password is comprised, but the two reasons why we should never interfere with the krbtgt password reset process are 1) the krbtgt password is sufficiently long and complex (probably around 120 random characters) to be reasonably strong for any of us, and 2) there are other internal processes within Active Directory that assume the krbtgt password change will never fail, so failing a krbtgt password is not a good idea and could lead to unforeseen consequences.
from passfiltex.
solardiz
commented on June 27, 2024
@ryanries Thanks. FWIW, a comment here also says 120: https://www.reddit.com/r/sysadmin/comments/ubt8m7/krbtgt_password_reset_question/
"As soon as you set the password the KRBTGT account will generate its own 120 character unique password."
from passfiltex.
Related Issues (19)
- .dll file HOT 3
- Memory consumption and performance HOT 9
- Question: SecureZeroMemory HOT 5
- Password tolower() not converting the last character HOT 1
- Empty password shown as allowed HOT 2
- Custom error message HOT 1
- Add such a group: require lower OR require upper HOT 6
- We can't reset krbtgt_xxxxx passwords for RODC HOT 6
- Can you show a custom message HOT 2
- Format string: incorrect number of arguments? HOT 1
- no dll in v1.19 HOT 2
- Measured effectiveness of many filters, PassFiltEx is the best HOT 4
- Users accounts gets locked out when accessing shared folder HOT 7
- Documentation clarification HOT 1
- Character Class Requirement HOT 5
- Crash on a 0-byte blacklist file
- Crash when resetting password while blacklist does not exist
- Crash when attempting to (re)set password to the empty string
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from passfiltex.