Documentation for Access Rights Manager

Identify over-privileged users based on Kerberos token size

The Kerberos token size can help you identify users with excessive access rights. The token size reflects the number of group memberships: each group a user joins adds to their token, so the token grows in proportion to the total number of their group memberships. If a user's token size exceeds 64 KB, the user cannot log in to the network.

Using the dashboard in the Access Rights Manager application, you can identify the top five users in your deployment with the highest Kerberos token size. If their token size is approaching 64000 (64 KB), you can take the appropriate steps to help each user reduce the number of their group memberships.

  1. Log in to the Access Rights Manager application.

  2. In the toolbar, click Dashboard.

  3. In the Reporting screen, maximize Top 5 Kerberos Tokens (bytes) and double-click a user. This list includes the five users with the largest Kerberos tokens in your deployment.

  4. In the Graph view, review the parent groups associated with the selected user.

    In the Account view (1), ARM automatically focuses on the selected user.

    In the Parents tab located in the left column (2), you can view all parent groups where the selected user is a direct or indirect member. SolarWinds recommends using this flat list for identifying users with an excessive number of group memberships.
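To cross-check the dashboard figure outside ARM, the following added example (not SolarWinds code, and not how ARM computes its value) estimates token size from direct and indirect group memberships using the estimate in Microsoft's MaxTokenSize guidance, 1200 + 40d + 8s. The group and user records, the field names, and the 80 % warning ratio are assumptions made for the example, and all groups are assumed to be security groups.

```python
from collections import deque

TOKEN_LIMIT = 64000   # bytes; the threshold this page uses
WARN_AT = 0.8         # assumption: flag users above 80 % of the limit

def all_parent_groups(direct, groups):
    """Return direct and indirect parent groups (cycle-safe breadth-first walk)."""
    seen, queue = set(), deque(direct)
    while queue:
        name = queue.popleft()
        if name in seen or name not in groups:
            continue
        seen.add(name)
        queue.extend(groups[name]["member_of"])
    return seen

def estimate_token_bytes(user, groups):
    """Microsoft's estimate: 1200 bytes overhead + 40 per 'd' group + 8 per 's' group."""
    d, s = user.get("sid_history", 0), 0   # SID history entries count toward d
    for name in all_parent_groups(user["member_of"], groups):
        g = groups[name]
        same_domain = g["domain"] == user["domain"]
        if g["scope"] == "global" or (g["scope"] == "universal" and same_domain):
            s += 1
        else:  # domain local group, or universal group from another domain
            d += 1
    return 1200 + 40 * d + 8 * s

def top_tokens(users, groups, n=5):
    """Rank users by estimated token size, largest first, with a review flag."""
    rows = [(name, estimate_token_bytes(u, groups)) for name, u in users.items()]
    rows.sort(key=lambda r: r[1], reverse=True)
    return [(name, size, size >= WARN_AT * TOKEN_LIMIT) for name, size in rows[:n]]

# Constructed sample data (not from a real directory).
GROUPS = {f"DL-{i}": {"scope": "domain_local", "domain": "corp", "member_of": []}
          for i in range(1400)}
GROUPS["All-Shares"] = {"scope": "global", "domain": "corp",
                        "member_of": [f"DL-{i}" for i in range(1400)]}
GROUPS["Staff"] = {"scope": "global", "domain": "corp", "member_of": ["Loop"]}
GROUPS["Loop"] = {"scope": "global", "domain": "corp", "member_of": ["Staff"]}
GROUPS["Partners"] = {"scope": "universal", "domain": "emea", "member_of": []}
USERS = {
    "alice": {"domain": "corp", "member_of": ["All-Shares", "Staff"]},
    "bob": {"domain": "corp", "member_of": ["Staff", "Partners"], "sid_history": 2},
}

if __name__ == "__main__":
    print(top_tokens(USERS, GROUPS))
```

In the sample, alice belongs directly to only two groups, but one of them is nested in 1,400 domain local groups, which is why the flat list of direct and indirect parents is the one to review.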