Forum Discussion
Nessus can now use Kerberos for DCOM Authentication Summary...
Will this also support Kerberos armoring. AKA FAST?
We use the GPO setting "KDC support for claims, compound authentication for Dynamic Access Control and Kerberos armoring: Fail unarmored authentication requests"
It appears that Nessus Professional is incapable of using compound authentication for Kerberos. This is also knows as Flexible Authentication Secure Tunneling (FAST) for Kerberos
See MS Documentation at https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831747(v=ws.11)
And also https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/additional-mitigations#kerberos-armoring
Can you confirm? If it does not support it, then how do we request this to be supported? This was available from MS back in 2012, over 10 years ago.
Thanks,
Eli
