Windows Configurations for Kerberos Supported Encryption Type

In one of my previous blogs (http://blogs.msdn.com/b/openspecification/archive/2010/11/17/encryption-type-selection-in-kerberos-exchanges.aspx), I have talked about how the encryption types of the various encrypted parts of the Kerberos exchanges are selected. The selections of these encryption types are dependent on some Active Directory attributes and policy settings. It is important to understand how these settings are configured from the…


Encryption Type Selection in Kerberos Exchanges

The types of encryption used in various Kerberos exchanges are very important and sometimes confusing aspects of the Kerberos implementation. We not only need to understand the Kerberos RFCs (RFC 4120, RFC 3961, etc.) that specify generally how the encryption types should be selected, but also the effects of Windows Active Directory and registry…


Using OpenSSL to implement Crypto Operations in Netlogon Remote Protocol

Background: The Netlogon Remote Protocol remote procedure call (RPC) interface is used primarily by Microsoft Windows to maintain the relationship between a machine and its domain. In the protocol, a client delivers a logon request to the domain controller over an established secure channel between a DC and its clients. Before a secure channel…


msDS-SupportedEncryptionTypes – Episode 1 – Computer accounts

Introduction: In order to be concise with this article, I need to assume that the reader is familiar with Kerberos and Active Directory. If not, then I can quickly think of two scenarios: 1) Your favorite search engine (Bing in my case) took you here as a misunderstanding. 2) You came because you stumbled upon…


Stronger Keys for Netlogon Remote Protocol in Windows 7

Background: Netlogon Remote Protocol (MS-NRPC) provides secure communication between domain members and domain controllers. In the protocol, a client delivers a logon request to the domain controller over an established secure channel between a DC and clients. The secure channel is achieved by encrypting the communication traffic with a session key computed using a…