Ticket Granting Ticket forge
Ken Raeburn
raeburn at MIT.EDU
Fri Oct 2 07:23:33 EDT 2009
On Oct 2, 2009, at 04:57, Remi Ferrand wrote:
> I'm working with MIT Kerberos5 1.6.3
>
> I would like to be able to refresh an existing TGT on my local
> machine, without using the KDC.
>
> My first idea was to decrypt the TGT, modify its information
> (start time, end time, renewable time) and encrypt it again.
>
> Is it possible?
> Which key of the KDC do I need to do this little hack? (the Master
> Key K/M at REALM?)
You would need the key for the krbtgt/YOUR.REALM at YOUR.REALM principal
in order to do this. In fact, with that key, you can forge a TGT for
any client principal at all, without needing an existing TGT, so if
anyone else gets their hands on it, your realm's security is
compromised. So unless your local machine is secure enough that you
could run a KDC on it, this would be a really bad idea. And even
then, running a KDC as root is probably a better idea than leaving the
TGS key sitting around accessible under your regular account.
Ken