I was reading a lot about a new authentication mechanism called Strict Kerberos Authentication, and I was wondering why it is important and what vulnerability it mitigates. I didn't find a clear answer at the beginning, so I started digging deeper until I got the whole idea. Be careful, this blog requires a good understanding of Kerberos.
So I was going to write a blog about Kerberos Strict Authentication, but then I thought there is a bigger issue (problem) to write about that eventually leads to Kerberos Strict Authentication, and that is PKI, Kerberos and smart cards all together.
While smart cards have definite advantages over passwords, they should be deployed with a realistic understanding of the actual protections they provide. Installations should take advantage of the latest configuration and hardening options available, administrators should continue to audit and work to eliminate outdated protocols like NTLM from their networks, and privileged users should always exercise caution when authenticating to low-integrity workstations, even with a smart card.