#gmsa — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #gmsa, aggregated by home.social.
-
Использование gMSA в Linux-контейнерах
Зачем вообще использовать gMSA в контейнерах? Group Managed Service Accounts (gMSA) решает проблему хранения и обновления сервисных паролей: пароль хранится только в AD и регулярно обновляется автоматически. Использование gMSA позволяет не менять уже настроенные ACL и роли на файловых шарах и SQL-серверах - приложения продолжают работать с прежними правами через корпоративные Kerberos/SPN-механизмы. Такая интеграция обеспечивает прозрачный и контролируемый переход классических приложений в контейнерную инфраструктуру Kubernetes. Посмотрим как это работает на примере простого кроссплатформенного dotnet-приложения.
-
Использование gMSA в Linux-контейнерах
Зачем вообще использовать gMSA в контейнерах? Group Managed Service Accounts (gMSA) решает проблему хранения и обновления сервисных паролей: пароль хранится только в AD и регулярно обновляется автоматически. Использование gMSA позволяет не менять уже настроенные ACL и роли на файловых шарах и SQL-серверах - приложения продолжают работать с прежними правами через корпоративные Kerberos/SPN-механизмы. Такая интеграция обеспечивает прозрачный и контролируемый переход классических приложений в контейнерную инфраструктуру Kubernetes. Посмотрим как это работает на примере простого кроссплатформенного dotnet-приложения.
-
Использование gMSA в Linux-контейнерах
Зачем вообще использовать gMSA в контейнерах? Group Managed Service Accounts (gMSA) решает проблему хранения и обновления сервисных паролей: пароль хранится только в AD и регулярно обновляется автоматически. Использование gMSA позволяет не менять уже настроенные ACL и роли на файловых шарах и SQL-серверах - приложения продолжают работать с прежними правами через корпоративные Kerberos/SPN-механизмы. Такая интеграция обеспечивает прозрачный и контролируемый переход классических приложений в контейнерную инфраструктуру Kubernetes. Посмотрим как это работает на примере простого кроссплатформенного dotnet-приложения.
-
Использование gMSA в Linux-контейнерах
Зачем вообще использовать gMSA в контейнерах? Group Managed Service Accounts (gMSA) решает проблему хранения и обновления сервисных паролей: пароль хранится только в AD и регулярно обновляется автоматически. Использование gMSA позволяет не менять уже настроенные ACL и роли на файловых шарах и SQL-серверах - приложения продолжают работать с прежними правами через корпоративные Kerberos/SPN-механизмы. Такая интеграция обеспечивает прозрачный и контролируемый переход классических приложений в контейнерную инфраструктуру Kubernetes. Посмотрим как это работает на примере простого кроссплатформенного dotnet-приложения.
-
Anyone know the history of this? There are some things that are obvious. The base is the #Opel Rekord D. It’s South Africa. It must be a variant of the #Chevrolet 2500, 3800 or 4100 (the file name suggests 2500). But what is the deal with the grille? It seems Chevrolet (#GMSA) was experimenting with the Wayne Cherry droop snoot? #GM #WeirdCarMastodon #car #Auto #RSA #history
-
Anyone know the history of this? There are some things that are obvious. The base is the #Opel Rekord D. It’s South Africa. It must be a variant of the #Chevrolet 2500, 3800 or 4100 (the file name suggests 2500). But what is the deal with the grille? It seems Chevrolet (#GMSA) was experimenting with the Wayne Cherry droop snoot? #GM #WeirdCarMastodon #car #Auto #RSA #history
-
Anyone know the history of this? There are some things that are obvious. The base is the #Opel Rekord D. It’s South Africa. It must be a variant of the #Chevrolet 2500, 3800 or 4100 (the file name suggests 2500). But what is the deal with the grille? It seems Chevrolet (#GMSA) was experimenting with the Wayne Cherry droop snoot? #GM #WeirdCarMastodon #car #Auto #RSA #history
-
Anyone know the history of this? There are some things that are obvious. The base is the #Opel Rekord D. It’s South Africa. It must be a variant of the #Chevrolet 2500, 3800 or 4100 (the file name suggests 2500). But what is the deal with the grille? It seems Chevrolet (#GMSA) was experimenting with the Wayne Cherry droop snoot? #GM #WeirdCarMastodon #car #Auto #RSA #history
-
Anyone know the history of this? There are some things that are obvious. The base is the #Opel Rekord D. It’s South Africa. It must be a variant of the #Chevrolet 2500, 3800 or 4100 (the file name suggests 2500). But what is the deal with the grille? It seems Chevrolet (#GMSA) was experimenting with the Wayne Cherry droop snoot? #GM #WeirdCarMastodon #car #Auto #RSA #history
-
Active Directory Managed Service Accounts – sMSA, gMSA e dMSA
#ActiveDirectory #Security #Cybersecurity #ManagedServiceAccounts #ITPro #gMSA #dMSA #ICTPower
-
Active Directory Managed Service Accounts – sMSA, gMSA e dMSA
#ActiveDirectory #Security #Cybersecurity #ManagedServiceAccounts #ITPro #gMSA #dMSA #ICTPower
-
If you can't seem to install your gMSA service account, it might be because your recently removed RC4. #gMSA #windows
Also shoutout to @textfiles for being able to find this otherwise lost article!
-
If you can't seem to install your gMSA service account, it might be because your recently removed RC4. #gMSA #windows
Also shoutout to @textfiles for being able to find this otherwise lost article!
-
If you can't seem to install your gMSA service account, it might be because your recently removed RC4. #gMSA #windows
Also shoutout to @textfiles for being able to find this otherwise lost article!
-
If you can't seem to install your gMSA service account, it might be because your recently removed RC4. #gMSA #windows
Also shoutout to @textfiles for being able to find this otherwise lost article!
-
If you can't seem to install your gMSA service account, it might be because your recently removed RC4. #gMSA #windows
Also shoutout to @textfiles for being able to find this otherwise lost article!
-
New capabilities on ECS
• Domainless gMSA authentication for Linux and Windows containers https://aws.amazon.com/about-aws/whats-new/2023/07/aws-fargate-container-startup-seekable-oci/
• ECS Fargate supports Seekable OCI (SOCI), a technology open sourced by AWS that helps applications deploy and scale out faster by enabling the containers to start without waiting for the entire container image to be downloaded. https://aws.amazon.com/about-aws/whats-new/2023/07/amazon-ecs-domainless-gmsa-authentication-linux-windows-containers/
#AWS #ECS #Fargate #gMSA #SOCI -
Security is an important consideration when running production workloads on a Service Fabric cluster, and Windows security with group Managed Service Accounts (gMSA) is the recommended model. This article outlines how to configure node-to-node and client-to-node security using the gMSA model in a standalone Service Fabric Cluster running on Azure Virtual Machine Scale Sets with Windows Server 2022. https://techcommunity.microsoft.com/t5/azure-paas-blog/standalone-service-fabric-cluster-secured-with-windows-gmsa/ba-p/3715287 #ServiceFabric #gMSA #AzureVMSS
-
Security is an important consideration when running production workloads on a Service Fabric cluster, and Windows security with group Managed Service Accounts (gMSA) is the recommended model. This article outlines how to configure node-to-node and client-to-node security using the gMSA model in a standalone Service Fabric Cluster running on Azure Virtual Machine Scale Sets with Windows Server 2022. https://techcommunity.microsoft.com/t5/azure-paas-blog/standalone-service-fabric-cluster-secured-with-windows-gmsa/ba-p/3715287 #ServiceFabric #gMSA #AzureVMSS
-
Security is an important consideration when running production workloads on a Service Fabric cluster, and Windows security with group Managed Service Accounts (gMSA) is the recommended model. This article outlines how to configure node-to-node and client-to-node security using the gMSA model in a standalone Service Fabric Cluster running on Azure Virtual Machine Scale Sets with Windows Server 2022. https://techcommunity.microsoft.com/t5/azure-paas-blog/standalone-service-fabric-cluster-secured-with-windows-gmsa/ba-p/3715287 #ServiceFabric #gMSA #AzureVMSS
-
Security is an important consideration when running production workloads on a Service Fabric cluster, and Windows security with group Managed Service Accounts (gMSA) is the recommended model. This article outlines how to configure node-to-node and client-to-node security using the gMSA model in a standalone Service Fabric Cluster running on Azure Virtual Machine Scale Sets with Windows Server 2022. https://techcommunity.microsoft.com/t5/azure-paas-blog/standalone-service-fabric-cluster-secured-with-windows-gmsa/ba-p/3715287 #ServiceFabric #gMSA #AzureVMSS
-
Microsoft is rolling out fixes for problems with the #Kerberos network #authentication protocol on Windows Server after it was broken by a November 8 Patch: https://www.theregister.com/2022/11/21/microsoft_kerberos_fix_windows/ | #DomainController #GMSA
-
Microsoft is rolling out fixes for problems with the #Kerberos network #authentication protocol on Windows Server after it was broken by a November 8 Patch: https://www.theregister.com/2022/11/21/microsoft_kerberos_fix_windows/ | #DomainController #GMSA
-
Microsoft is rolling out fixes for problems with the #Kerberos network #authentication protocol on Windows Server after it was broken by a November 8 Patch: https://www.theregister.com/2022/11/21/microsoft_kerberos_fix_windows/ | #DomainController #GMSA
-
Microsoft is rolling out fixes for problems with the #Kerberos network #authentication protocol on Windows Server after it was broken by a November 8 Patch: https://www.theregister.com/2022/11/21/microsoft_kerberos_fix_windows/ | #DomainController #GMSA
-
Microsoft is rolling out fixes for problems with the #Kerberos network #authentication protocol on Windows Server after it was broken by a November 8 Patch: https://www.theregister.com/2022/11/21/microsoft_kerberos_fix_windows/ | #DomainController #GMSA
-
For those with questions on how th check the #November #Patches issue mentioned by @fabian_bader, where "services like MDI that run on the Domain Controller itself and use a #gMSA won't start anymore if msDS-SupportedEncryptionTypes is set to AES 128 and/or AES 256 only"
You can run (at least on your DC) get-adcomputer -properties msDS-SupportedEncryptionTypes -filter * and if it returns 24 I believe you are affected. Possible also the values 16 and 8 if I'm understanding this bug right.
Source for values: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/decrypting-the-selection-of-supported-kerberos-encryption-types/ba-p/1628797
Source for PowerShell: https://serverfault.com/questions/896486/query-kerberos-encryption-modes-supported-by-ad-through-ldap
-
For those with questions on how th check the #November #Patches issue mentioned by @fabian_bader, where "services like MDI that run on the Domain Controller itself and use a #gMSA won't start anymore if msDS-SupportedEncryptionTypes is set to AES 128 and/or AES 256 only"
You can run (at least on your DC) get-adcomputer -properties msDS-SupportedEncryptionTypes -filter * and if it returns 24 I believe you are affected. Possible also the values 16 and 8 if I'm understanding this bug right.
Source for values: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/decrypting-the-selection-of-supported-kerberos-encryption-types/ba-p/1628797
Source for PowerShell: https://serverfault.com/questions/896486/query-kerberos-encryption-modes-supported-by-ad-through-ldap
-
For those with questions on how th check the #November #Patches issue mentioned by @fabian_bader, where "services like MDI that run on the Domain Controller itself and use a #gMSA won't start anymore if msDS-SupportedEncryptionTypes is set to AES 128 and/or AES 256 only"
You can run (at least on your DC) get-adcomputer -properties msDS-SupportedEncryptionTypes -filter * and if it returns 24 I believe you are affected. Possible also the values 16 and 8 if I'm understanding this bug right.
Source for values: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/decrypting-the-selection-of-supported-kerberos-encryption-types/ba-p/1628797
Source for PowerShell: https://serverfault.com/questions/896486/query-kerberos-encryption-modes-supported-by-ad-through-ldap
-
For those with questions on how th check the #November #Patches issue mentioned by @fabian_bader, where "services like MDI that run on the Domain Controller itself and use a #gMSA won't start anymore if msDS-SupportedEncryptionTypes is set to AES 128 and/or AES 256 only"
You can run (at least on your DC) get-adcomputer -properties msDS-SupportedEncryptionTypes -filter * and if it returns 24 I believe you are affected. Possible also the values 16 and 8 if I'm understanding this bug right.
Source for values: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/decrypting-the-selection-of-supported-kerberos-encryption-types/ba-p/1628797
Source for PowerShell: https://serverfault.com/questions/896486/query-kerberos-encryption-modes-supported-by-ad-through-ldap