>For key rotation, it may not be as simple as it sounds. I expect better from MS as well, but for example, for on-prem AD, the krbtgt account should be rotated yearly, but in practice it carries a huge risk of outages for accounts that depend on it a lot for Kerberos ticketing.
If only there were internal development resources that Microsoft could leverage to build a more robust system, maybe one that allows for phasing in of new keys, and not have to wait on external vendors to get around to improving security like the rest of us do.
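As an added illustration of the krbtgt rotation risk raised in the quoted comment (this is not code from either post), the following PowerShell reports how old the current krbtgt key is against the yearly guidance and whether enough time has passed for a second reset to be low-risk. It assumes the RSAT ActiveDirectory module on a domain-joined session with read access to the krbtgt object; the 10-hour maximum ticket lifetime is the Kerberos policy default and is an assumption you should replace with your domain's actual value.

```powershell
# Added example (not from the thread). Reports krbtgt key age versus the
# yearly rotation guidance and whether a second reset is low-risk yet.
# Assumes: RSAT ActiveDirectory module, domain-joined session, read access
# to the krbtgt account. MaxTicketLifetimeHours defaults to the Kerberos
# policy default (10h); pass your domain's configured value if it differs.
param(
    [int]$RotationDays = 365,
    [int]$MaxTicketLifetimeHours = 10
)
Import-Module ActiveDirectory

function Get-KrbtgtRotationStatus {
    param([int]$RotationDays, [int]$MaxTicketLifetimeHours)

    # PasswordLastSet is the timestamp of the current krbtgt key.
    $krbtgt = Get-ADUser -Identity krbtgt -Properties PasswordLastSet
    $age    = (Get-Date) - $krbtgt.PasswordLastSet

    [pscustomobject]@{
        PasswordLastSet    = $krbtgt.PasswordLastSet
        KeyAgeDays         = [math]::Round($age.TotalDays, 1)
        RotationOverdue    = $age.TotalDays -gt $RotationDays
        # The KDC still accepts tickets issued under the previous krbtgt key,
        # so a single reset does not break live tickets. A second reset
        # before the maximum ticket lifetime has elapsed (and before the new
        # key has replicated to every DC) invalidates tickets that are still
        # in use, which is the outage scenario the comment describes.
        SafeForSecondReset = $age.TotalHours -gt $MaxTicketLifetimeHours
    }
}

Get-KrbtgtRotationStatus -RotationDays $RotationDays -MaxTicketLifetimeHours $MaxTicketLifetimeHours |
    Format-List
```

SafeForSecondReset only covers ticket lifetime; confirm replication has converged across all domain controllers before performing the second reset.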