decrypt kerberos ticket
Amol Dixit
adixit at CLEMSON.EDU
Wed Sep 29 14:33:32 EDT 2004
Hi,
I am trying to decrypt a Kerberos ticket embedded in an AP_REQ.
Since the password is known, we make the keytab entry using the password
and salt using krb5_string_to_key() & krb5_kt_add_entry().
However krb5_rd_req() fails in krb5_old_decrypt() at this point inspite of
reading the same keytable entry.
if (memcmp(cksum.data, cksumdata, cksum.length) != 0) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto cleanup;
}
Is anyone aware whether any manipulation needs
to be done on the 8 byte keytab entry (keyblock) contents before passing
it to k5_c_decrypt(). Can we use the key unmodified to pass to the decrypt
functions?
Does anyone have an insight on any manipulations needed (hints on salt
etc). ENCTYPE_DES_CBC_MD5 used.
Please let me know,
Thanks in advance,
Amol
More information about the Kerberos
mailing list