Identify overprivileged users based on Kerberos token size
Background/Value
The size of a Kerberos token is a good indicator for identifying users with excessive access rights. The more group memberships a user has, the bigger their Kerberos token. Even if a group membership does not automatically grant privileges, it is worthwhile analyzing the listed users.
In addition, there is a risk that users with too many group memberships will no longer be able to log in.
Step-by-step process
- Select Dashboard.
- Double-click on a user in the list Top 5 Kerberos Tokens.
- ARM automatically focuses on the selected user in the Accounts view.
- All Parents, meaning the groups of which the selected user is a direct or indirect member, are shown on the left-hand side. We recommend using this flat list for users with a large number of group memberships.
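
As an added illustration (not part of ARM or of the original page), the sketch below flattens direct and indirect group memberships the way the All Parents list does and estimates token size with Microsoft's published formula TokenSize = 1200 + 40d + 8s. How ARM computes its own figure is not stated on this page; the group names, users and nesting are constructed sample data.

```python
from collections import deque

# Constructed sample directory: group -> (scope, direct parent groups).
# Assumption: universal groups here live in the user's own domain.
GROUPS = {
    "Sales":         ("global",       ["All-Staff", "FS-Sales-RW"]),
    "All-Staff":     ("universal",    ["FS-Public-R"]),
    "FS-Sales-RW":   ("domain_local", []),
    "FS-Public-R":   ("domain_local", []),
    "Helpdesk":      ("global",       ["Server-Admins"]),
    "Server-Admins": ("global",       ["FS-Sales-RW", "Helpdesk"]),  # circular nesting
}
USERS = {"alice": ["Sales"], "bob": ["Sales", "Helpdesk"]}  # direct memberships only

MAX_TOKEN_SIZE = 48000  # default MaxTokenSize since Windows Server 2012 (12000 before)

def all_parents(direct, groups=GROUPS):
    """Return every group reached directly or through nesting (cycle-safe)."""
    seen, queue = set(), deque(direct)
    while queue:
        g = queue.popleft()
        if g in seen or g not in groups:
            continue
        seen.add(g)
        queue.extend(groups[g][1])
    return seen

def estimate_token_size(direct, sid_history=0, groups=GROUPS):
    """Microsoft's estimate in bytes: 1200 + 40*d + 8*s.
    d = domain local groups + SID history entries (+ universal groups from
        other domains, which this sample does not contain)
    s = global groups + universal groups in the user's domain"""
    parents = all_parents(direct, groups)
    d = sum(1 for g in parents if groups[g][0] == "domain_local") + sid_history
    s = sum(1 for g in parents if groups[g][0] in ("global", "universal"))
    return 1200 + 40 * d + 8 * s

def rank_users(users=USERS, top=5):
    """Largest estimated tokens first, similar to a 'Top 5' dashboard list."""
    sized = [(u, estimate_token_size(g)) for u, g in users.items()]
    return sorted(sized, key=lambda x: x[1], reverse=True)[:top]

if __name__ == "__main__":
    for user, size in rank_users():
        flag = "OVER LIMIT" if size > MAX_TOKEN_SIZE else "ok"
        print(f"{user}: ~{size} bytes, {len(all_parents(USERS[user]))} groups ({flag})")
```

Domain local groups weigh five times as much as global groups in this estimate, so a user nested into many resource groups can approach the limit with far fewer memberships than the raw group count suggests.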