Authentication
Artur Marzano edited this page Feb 16, 2026 · 10 revisions
Authentication in flashingestor is mainly managed by RedTeamPentesting/adauth.
Note that flashingestor does not test the specified credentials until you run either Ingestion or Remote Collection, so make sure they are correct beforehand. A bind test is performed before LDAP ingestion, which proceeds only if the test succeeds; remote collection, however, will try to authenticate to all targets regardless of errors.
| Supplied Credentials | Protocol Options | Details |
|---|---|---|
| Anonymous | SimpleBind | Requires dSHeuristics of 0000002 in the DirectoryServices object. May have limited visibility due to lack of Read ACEs. |
| User + Password | SimpleBind (--simple-bind), NTLM (default), Kerberos (-k) | Supports cross-domain authentication over NTLM. |
| User + NT Hash | NTLM (default), Kerberos (-k) | Supports cross-domain authentication over NTLM. |
| User + Kerberos Ticket | Kerberos (-k) | Uses existing TGT from ccache file (via --ccache or KRB5CCNAME environment variable). |
| User + AES Key | Kerberos (-k) | Pass-the-key using AES128 or AES256 key. |
| User + Certificate (PFX/PEM) | LDAPS (default), LDAP+STARTTLS (--start-tls), PKINIT (-k) | Certificate-based authentication using PFX (PKCS#12) or PEM format. |

| Supplied Credentials | Protocol Options | Details |
|---|---|---|
| User + Password | NTLM (default), Kerberos (-k) | Supports cross-domain authentication over NTLM. |
| User + NT Hash | NTLM (default), Kerberos (-k) | Supports cross-domain authentication over NTLM. |
| User + Kerberos Ticket | Kerberos (-k) | Uses existing TGT from ccache file (via --ccache or KRB5CCNAME environment variable). |
| User + AES Key | Kerberos (-k) | Pass-the-key using AES128 or AES256 key. |
| User + Certificate (PFX/PEM) | PKINIT (default) | Certificate-based authentication using PFX (PKCS#12) or PEM format. |
Note
Cross-domain authentication is currently limited to the password and NT hash methods over NTLM. Kerberos-only methods (ticket, AES key) and certificate-based methods will only authenticate to computers that are part of the same domain as the specified user.
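
Because remote collection tries every target regardless of authentication errors, one wrong credential shows up as failed logons spread across many hosts from a single source. The sketch below is an added example (not part of flashingestor or adauth) showing how a defender could flag that pattern; the log layout, sample records, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs): timestamp, event ID, source IP, host.
# In the Windows Security log, 4625 is a failed logon and 4624 a successful one.
SAMPLE_EVENTS = """\
2026-02-16T10:00:01 4625 10.0.0.50 WS01
2026-02-16T10:00:02 4625 10.0.0.50 WS02
2026-02-16T10:00:02 4625 10.0.0.50 SRV-FILE
2026-02-16T10:00:03 4625 10.0.0.50 SRV-SQL
2026-02-16T10:00:04 4625 10.0.0.50 WS03
2026-02-16T10:05:00 4625 10.0.0.77 WS01
2026-02-16T10:06:00 4624 10.0.0.77 WS01
2026-02-16T11:30:00 4625 10.0.0.88 WS01
2026-02-16T11:50:00 4625 10.0.0.88 WS02
2026-02-16T12:10:00 4625 10.0.0.88 WS03
"""

def parse_events(text):
    """Yield (time, event_id, source_ip, host) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, event_id, src, host = parts
        yield datetime.fromisoformat(ts), int(event_id), src, host

def failed_logon_fanout(events, min_hosts=4, window=timedelta(minutes=2)):
    """Return {source_ip: sorted hosts} for sources whose failed logons (4625)
    reach at least min_hosts distinct hosts inside one sliding time window."""
    by_source = defaultdict(list)
    for ts, event_id, src, host in events:
        if event_id == 4625:
            by_source[src].append((ts, host))
    flagged = {}
    for src, hits in by_source.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # shrink the window from the left
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged[src] = sorted(hosts | set(flagged.get(src, [])))
    return flagged

if __name__ == "__main__":
    for src, hosts in failed_logon_fanout(parse_events(SAMPLE_EVENTS)).items():
        print(f"{src}: failed logons on {len(hosts)} hosts: {', '.join(hosts)}")
```

The `min_hosts` and `window` defaults are illustrative and need tuning against the normal failed-logon rate of the environment.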