Identify overprivileged users based on Kerberos token size

Background/Value

The size of a Kerberos token is a good indicator for identifying users with excessive access rights. The more group memberships a user has, the bigger their Kerberos token. Even if a group membership does not automatically grant privileges, it is worthwhile analyzing the listed users.

In addition, there is a risk that users with too many group memberships will no longer be able to log in.
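
The relationship described above, as an added example (not part of ARM or the original page): it resolves nested group memberships over a constructed directory and ranks users by estimated token size, using Microsoft's published approximation of 1200 + 40d + 8s bytes. All group and user names are constructed, and a single domain without SID history is assumed.

```python
from collections import deque

# Constructed sample data (not from a real directory).
# group -> (scope, groups it is directly a member of); scope is "global",
# "universal" (same domain as the user) or "domain_local".
GROUPS = {
    "Sales":        ("global", ["AllStaff"]),
    "AllStaff":     ("universal", ["FileShare-RW"]),
    "FileShare-RW": ("domain_local", []),
    "Helpdesk":     ("global", ["ServerOps"]),
    "ServerOps":    ("global", ["Helpdesk", "Admins-DL"]),  # nesting loop
    "Admins-DL":    ("domain_local", []),
}
USERS = {  # user -> direct group memberships
    "alice": ["Sales"],
    "bob":   ["Sales", "Helpdesk"],
    "carol": [],
}

MAX_TOKEN_SIZE = 48000  # default MaxTokenSize on Windows Server 2012 and later

def effective_groups(direct):
    """Return every group reached directly or through nesting (loop-safe)."""
    seen, queue = set(), deque(direct)
    while queue:
        group = queue.popleft()
        if group in seen:
            continue  # already expanded; also breaks circular nesting
        seen.add(group)
        queue.extend(GROUPS[group][1])
    return seen

def estimate_token_size(user):
    """Estimated token size in bytes: 1200 + 40*d + 8*s."""
    groups = effective_groups(USERS[user])
    d = sum(1 for g in groups if GROUPS[g][0] == "domain_local")
    s = len(groups) - d  # global and same-domain universal groups
    return 1200 + 40 * d + 8 * s

def top_tokens(n=5):
    """Users ranked by estimated token size, largest first."""
    sizes = {u: estimate_token_size(u) for u in USERS}
    return sorted(sizes.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    for user, size in top_tokens():
        print(f"{user:8} {size:6} bytes  {size / MAX_TOKEN_SIZE:.1%} of MaxTokenSize")
```

Domain local groups weigh 40 bytes each against 8 for global groups, so a user nested into many domain local groups approaches the limit much faster than the raw group count suggests.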

 

Step-by-step process

  1. Select "Dashboard".
  2. Double-click on the user in the list "Top 5 Kerberos Tokens".

 

  1. ARM automatically focuses on the selected user in the AD graph view.
  2. All "parents", meaning groups of which the selected user is a direct or indirect member, are shown on the left-hand side. We recommend using this flat list for users with an extremely large number of group memberships.