On Tue, Sep 30, 2014 at 11:56 AM, Wendy Lin <wendlin1...@gmail.com> wrote: > On 30 September 2014 18:32, ronnie sahlberg <ronniesahlb...@gmail.com> wrote: >> On Tue, Sep 30, 2014 at 9:17 AM, Wendy Lin <wendlin1...@gmail.com> wrote: >>> On 30 September 2014 17:55, ronnie sahlberg <ronniesahlb...@gmail.com> >>> wrote: >>>> On Tue, Sep 30, 2014 at 8:25 AM, Wendy Lin <wendlin1...@gmail.com> wrote: >>>>> On 30 September 2014 15:25, Rick van Rein <r...@openfortress.nl> wrote: >>>>>> Hi, >>>>>> >>>>>>>>> Does Kerberos5 have a ticket to ascii converter so someone can see >>>>>>>>> what a ticket looks like in plain text? >>>>>>>> >>>>>>>> You might use any ASN.1 parser to see the structure, without it >>>>>>>> actually being spelled out in terms of the Kerberos field names. >>>>>>> >>>>>>> Is the file format of the ticket cache in ASN.1? >>>>>> >>>>>> That would depend on its implementation. >>>>> >>>>> MIT kerberos 1.12, DIR: cache >>>>> >>>>>> You asked for tickets ;-) which are defined in ASN.1 in the RFCs. I >>>>>> think the WireShark suggestion is better than mine, but it won’t do what >>>>>> you are asking. >>>>> >>>>> Why? >>>> >>>> One reason is because most of the ticket are encrypted blobs. Without >>>> decryption these blobs will just look like huge piles of random bytes, >>>> so there is not really much interesting to see in the ticket. >>>> If you want to look at the interesting parts of a ticket you really >>>> want to decrypt these blobs. >>> >>> OK >>> >>> is there a C function in libkrb5 which takes a keytab and the data >>> blob as parameter, and returns the decrypted data blob? >> >> In wireshark I use krb5_c_decrypt(). It takes a key, not a keytab, so >> you may need to iterate over all keys in the keytab. >> >> See: >> https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=asn1/kerberos/packet-kerberos-template.c;h=9eb82ab37f8d89ef57f691df656e063d8ad6c713;hb=HEAD#l400 >> >> (We iterate over all the keys in wireshark and try them one by one >> because it was easier than tracking SPN->key mappings.) >> >> > > What is a SPN?
ServicePrincipalName. I.e. user/service names in kerberos. A real kerberos implementation would see that "This ticket is for the user with the SPN == foo@realm and then it would read the keytab file the find the encryption key that matches that name. I don't do that in wireshark, instead I just iterate over the whole keytab file and try them one after the other until I, hopefully, find one that could successfully decrypt the blob. >> >> >>> >>> Wendy > > > > Wendy ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
