When Active Directory And LDAP Aren’t Enough

Ultimately, the chaos is breeding a whole new niche in Identity as a Service (IdaaS) that’s being tightly contested by vendors like Okta and Identropy and others like Centrify and Symplified. It’s an exploding market that Gartner says will make up a quarter of all new IAM sales by the end of 2014 and 40 percent by 2015,

via When Active Directory And LDAP Aren’t Enough – Dark Reading.

Not another X-as-a-Service acronym. IAM = Identity and Access Management.

NTLM Challenge Response is 100% Broken (Yes, this is still relevant)

According to the last data from the W3 Schools, 21% of computers are running XP, while NetMarketShare claims it is 39%. Unless someone has hardened these machines (no MS patches do this), these machines are sending LM and NTLM responses! While these lists leave out server OSs, 2003 Server still sends NTLM responses by default. Yes, every MS OS since NT 4.0 SP4 has supported NTLMv2, but NTLM and LM were not excluded by default until Vista.

via Mark Gamache’s Random Blog: NTLM Challenge Response is 100% Broken (Yes, this is still relevant).

Well, here it is: I’VE BROKEN NTLM.

From the wiki definition of NTLM:

Microsoft no longer recommends NTLM in applications:[6]

“Implementers should be aware that NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms (RFC1321) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in RFC1320 and FIPS46-2. Therefore, applications are generally advised not to use NTLM.”

While Kerberos has replaced NTLM as the default authentication protocol in an Active Directory (AD) based single sign-on scheme, NTLM is still widely used in situations where a domain controller is not available or is unreachable. For example, NTLM would be used if a client is not Kerberos capable, the server is not joined to a domain, or the user is remotely authenticating over the web.[1][3]
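The excerpt above says these legacy hosts keep answering with LM and NTLM responses "unless someone has hardened" them. The following is an added example, not code from Mark Gamache's post or from Microsoft, that audits the setting which controls this on a Windows host and optionally raises it. The registry key `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, the `LmCompatibilityLevel` and `NoLMHash` values, and the level meanings are Microsoft's documented ones (the same value the "Network security: LAN Manager authentication level" Group Policy setting writes); the function and parameter names are this example's own.

```powershell
# Added example (not from the quoted posts): report, and optionally raise, the
# LAN Manager authentication level that decides whether this host still sends
# LM/NTLMv1 challenge responses instead of NTLMv2 only.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # -Remediate sets level 5 (send NTLMv2 only, refuse LM and NTLM) and NoLMHash=1.
    [switch]$Remediate
)

$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Documented meanings of LmCompatibilityLevel.
$Levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only, refuse LM'
    5 = 'Send NTLMv2 response only, refuse LM & NTLM'
}

function Get-LmCompatibilityLevel {
    # Returns $null when the value is absent, i.e. the OS default applies
    # (which on the XP/2003-era systems in the post still allows LM/NTLM).
    $props = Get-ItemProperty -Path $LsaKey -ErrorAction Stop
    if ($null -eq $props.LmCompatibilityLevel) { return $null }
    return [int]$props.LmCompatibilityLevel
}

function Test-NtlmHardened {
    param($Level)
    # Levels 3-5 never send LM or NTLMv1 responses as a client; only 5 also
    # refuses to accept them when this host is the server side.
    return ($null -ne $Level) -and ($Level -ge 3)
}

$level = Get-LmCompatibilityLevel
$desc  = if ($null -eq $level) { 'not set (OS default applies)' } else { "$level - $($Levels[$level])" }
Write-Output "LmCompatibilityLevel: $desc"

# NoLMHash=1 stops the weak LM hash from being stored at the next password change.
$noLmHash = (Get-ItemProperty -Path $LsaKey -Name NoLMHash -ErrorAction SilentlyContinue).NoLMHash
if ($noLmHash -eq 1) {
    Write-Output 'NoLMHash: 1 (LM hashes not stored)'
} else {
    Write-Output 'NoLMHash: not enforced (LM hashes may be stored)'
}

if (-not (Test-NtlmHardened $level)) {
    Write-Warning 'This host can still emit LM/NTLMv1 challenge responses.'
}

if ($Remediate -and ($null -eq $level -or $level -lt 5)) {
    if ($PSCmdlet.ShouldProcess($LsaKey, 'Set LmCompatibilityLevel=5 and NoLMHash=1')) {
        Set-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel -Value 5 -Type DWord
        Set-ItemProperty -Path $LsaKey -Name NoLMHash -Value 1 -Type DWord
        Write-Output 'Set LmCompatibilityLevel=5 and NoLMHash=1. Restart to apply fully; NoLMHash takes effect at the next password change.'
    }
}
```

Run it from an elevated prompt to audit; add `-Remediate -WhatIf` to see what would change and `-Remediate` to apply it. Level 5 on a server side rejects any client that can only speak LM or NTLMv1, so audit the fleet for such clients before raising servers past level 3; in a domain the same value is better pushed by Group Policy than set host by host.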

Samba – opening windows to a wider world

As the culmination of ten years’ work, the Samba Team has created the first compatible Free Software implementation of Microsoft’s Active Directory protocols. Familiar to all network administrators, the Active Directory protocols are the heart of modern directory service implementations.

via Samba – opening windows to a wider world.

Suitable for low-power and embedded applications, yet scaling to large clusters, Samba 4.0 is efficient and flexible. Its Python programming interface and administration toolkit help in enterprise deployments.