decrypt kerberos ticket

Amol Dixit adixit at CLEMSON.EDU
Wed Sep 29 14:33:32 EDT 2004

I am trying to decrypt a Kerberos ticket embedded in an AP_REQ.

Since the password is known, we make the keytab entry using the password
and salt using krb5_string_to_key() & krb5_kt_add_entry().
However krb5_rd_req() fails in krb5_old_decrypt() at this point inspite of
reading the same keytable entry.

if (memcmp(, cksumdata, cksum.length) != 0) {
        goto cleanup;
Is anyone aware whether any manipulation needs
to be done on the 8 byte keytab entry (keyblock) contents before passing
it to k5_c_decrypt(). Can we use the key unmodified to pass to the decrypt
Does anyone have an insight on any manipulations needed (hints on salt
etc). ENCTYPE_DES_CBC_MD5 used.
Please let me know,
Thanks in advance,

More information about the Kerberos mailing list