twocanoes / xcreds

Open Source Project for Syncing IdP password with macOS login password
BSD 3-Clause "New" or "Revised" License
222 stars 25 forks

Xcreds (7130) Does not deal well when the endpoint has an Entra ID Cloud Kerberos Ticket #257

Open miawri opened 1 month ago

miawri commented 1 month ago

If PSSO with Secure Enclave is enabled, macOS receives a @KERBEROS.MICROSOFTONLINE.COM Kerberos ticket.

This seems to affect any AD-based Kerberos ticket from being processed correctly by XCreds, as the "AD Password Expires" is not populated when this cloud ticket is present.

Destroying the cloud ticket and re-running XCreds allows that field to be populated.

davelebbing commented 1 month ago

@twocanoes can you confirm if this is milestone XCreds 5 vs future? I will need some testing guidance for this.