Udostępnij za pośrednictwem


Follow me and learn Windows Server 2012 – Flexible Authentication Secure Tunneling (FAST)

Saturday after and it is Bruce again! I need to get my studying done before the OSU game. With the release Windows Server 2012 we all have to start learning the new features of the product. This night I am studying Flexible Authentication Secure Tunneling (FAST). Below are some resources to bring you to speed at the same time.

This new feature enhances Kerberos Authentication. By keeping it from fallback to less-secure legacy protocols and protection against offline dictionary attacks. But what is really important about this, is that it is required if you plan to use Claims within Dynamic Access Control. This is the enhancement that allows us to put claims into the Kerberos ticket.

Kerberos Armoring (Flexible Authentication Secure Tunneling (FAST))

https://technet.microsoft.com/en-us/library/hh831747.aspx

Flexible Authentication Secure Tunneling (FAST) provides a protected channel between the Kerberos client and the KDC. FAST is implemented as Kerberos armoring in Windows Server 2012, and it is only available for authentication service (AS) and ticket-granting service (TGS) exchanges.

New features in Active Directory Domain Services in Windows Server 2012, Part 11: Kerberos Armoring (FAST)

https://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/05/new-features-in-active-directory-domain-services-in-windows-server-2012-part-11-kerberos-armoring-fast.aspx

A Generalized Framework for Kerberos Pre-Authentication

https://tools.ietf.org/html/rfc6113