AFS Token / Kerberos v5 ticket

Remi Ferrand remi.ferrand at cc.in2p3.fr
Mon Oct 19 11:37:44 EDT 2009


Hi,

I'm trying to find a way to decrypt efficiently an AFS Token created
with "kinit + aklog" in order to access the encrypted data.

Every attempt I made to use the tkt_DecodeTicket5 function was
unsuccessful (this function is supposed to exist for this purpose, isn't
it ?)

My last (and ultimate) idea is to map the AFS Token to a krb5_ticket and
to decrypt it with the krb5_decrypt_tkt_part function.
That's not an easy trick and I would like to know if someone has already
written something about this ....

My questions are :
* Is it possible to map an AFS Token to a krb5_ticket and decrypt it
using krb5_decrypt_tkt_part function ?
    The encrypted part of AFS Tokens created with "kinit+aklog" is based
on the krb5_encrypt_tkt_part function so I think that's possible.

* Does anyone have already tried something like this ?
    Anyone could help me doing this ?

For sure, any other idea to access the encrypted content of the AFS
Tokens created with "kinit + aklog" are accepted.

Thanks in advance

Remi

-- 

Remi Ferrand             | Institut National de Physique Nucleaire
Tel. +33(0)4.78.93.08.80 |     et de Physique des Particules
Fax. +33(0)4.72.69.41.70 | Centre de Calcul - http://cc.in2p3.fr/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4055 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20091019/d425dcee/attachment.bin


More information about the Kerberos mailing list