A fairly simple method of adding in Kerberos support. Very little code is added to achieve this and most of it is boiler plate to tell which type of connection we should be making. Additionally if Kerberos is selected a startTLS() call is made. Lastly gssapi was added as a requirement.
The usage of this new feature would work as follows:
if you dont have Kerberos support installed, install it and configure it for the environment you plan to run this.
obtain a ccache file using kinit or obtain one through other methods.
preform ldapdomaindump with the -k flag, remembering to provide a FQDN instead of an IP address.
Get ldapdomaindump using Kerberos.
This has been tested on kali machines. Tests were preformed using all previous methods of commands I could think of to ensure to logic was removed as well as in multiple domain setups to include ones with channel binding and signing requirements. No issues were found.
A fairly simple method of adding in Kerberos support. Very little code is added to achieve this and most of it is boiler plate to tell which type of connection we should be making. Additionally if Kerberos is selected a startTLS() call is made. Lastly gssapi was added as a requirement.
The usage of this new feature would work as follows:
This has been tested on kali machines. Tests were preformed using all previous methods of commands I could think of to ensure to logic was removed as well as in multiple domain setups to include ones with channel binding and signing requirements. No issues were found.