NT hashes in krb5
Greg Hudson
ghudson at mit.edu
Tue Jan 20 12:09:24 EST 2015
On 01/20/2015 12:08 AM, Zaid Arafeh wrote:
> My questions are
> 1- are there structural differences between MS tickets and MIT tickets?
The tickets themselves are in the same format, defined by RFC 4120. But
they are stored in different ways. MIT krb5 generally stores tickets in
a FILE ccache, whose format is described here:
http://www.gnu.org/software/shishi/manual/html_node/The-Credential-Cache-Binary-File-Format.html
Windows stores Kerberos tickets in an object called the LSA. Kerberos
for Windows can access the LSA using the MSLSA: cache type, but that
isn't relevant to your current task.
> 2- by putting the ticket in the client's /tmp/ am I properly injecting
> it in cache?
No, and we don't provide command-line tools to inject a ticket into a
cache. You will most likely have to write code to do this. You should
be able to use krb5_cc_resolve(), krb5_cc_initialize(),
krb5_cc_store_cred(), and krb5_cc_close() to store a ticket into the
cache without having to write code specifically for the file ccache format.
> 4- is it trivial to create a Kerberos ticket from scratch, given that i
> have all principle secrets?
There's no rocket science involved, but we don't provide command-line
tools or public APIs to do so.
More information about the Kerberos
mailing list