Kerberos Password Sniffing

Russ Allbery rra at
Sat Nov 30 23:24:55 EST 2002

Paul Vixie <vixie at> writes:

> is there a "crack" module for kerberos?  after reading the stanford
> paper about how kerberos tickets could be attacked offline, i've been
> wanting to actually try this -- no sniffing is required -- against my
> own kerberos db to look for easy to guess passwords.

Note that the findings of that paper only apply if you use Kerberos v4 or
don't have preauth turned on.  If you're using Kerberos v5 with preauth
turned on for all users, you cannot launch that style of off-line attack.

You can still use the same technique to launch an on-line attack, however.

I know that Jack the Ripper has code available to work against an AFS
kaserver database, but I don't know about Kerberos v5.  We link cracklib
along with additional fascist rules into our kadmind and basically try to
"pre-crack" passwords whenever anyone changes them.

Russ Allbery (rra at             <>
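
The "pre-crack" check at password-change time that the reply describes, sketched as an added example. It is not part of the original post and is not cracklib or the poster's kadmind rules. The word list, the mangling rules, the function names and the EXAMPLE.ORG principals are all assumptions constructed for illustration.

```python
import re

# Constructed sample dictionary; a real deployment would load a large word list.
WORDLIST = {"password", "kerberos", "dragon", "letmein", "stanford", "secret"}

# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("013457@$", "oieastas")
# Digits and punctuation padded onto either end of a word.
EDGE = re.compile(r"^[^a-z]+|[^a-z]+$")


def candidates(password):
    """Return normalized forms of the password to compare against known words."""
    base = password.lower()
    stripped = EDGE.sub("", base)
    forms = {base, stripped, base.translate(LEET), stripped.translate(LEET)}
    forms |= {EDGE.sub("", f) for f in forms}   # strip again after substitution
    forms |= {f[::-1] for f in forms}           # reversed words
    return forms - {""}


def check_password(password, principal, min_length=8):
    """Return None if the new password is acceptable, else the rejection reason."""
    if len(password) < min_length:
        return "too short"
    # First component of the principal name, e.g. "alice" in alice/admin@REALM.
    user = principal.split("@")[0].split("/")[0].lower()
    forms = candidates(password)
    if user and any(user in f for f in forms):
        return "based on principal name"
    if forms & WORDLIST:
        return "based on a dictionary word"
    if len(set(password)) < 5:
        return "too few distinct characters"
    return None


if __name__ == "__main__":
    # Constructed password-change requests.
    for pw, princ in [("Dr4g0n99", "alice@EXAMPLE.ORG"),
                      ("alice2002!", "alice/admin@EXAMPLE.ORG"),
                      ("correct-horse-7-staple", "alice@EXAMPLE.ORG")]:
        print(princ, repr(pw), "->", check_password(pw, princ) or "accepted")
```
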
