decrypting the user password

Sean M. Pappalardo spappalardo at renegadetech.com
Wed Feb 13 02:05:07 EST 2013


Hello.

On 02/13/2013 05:53 AM, Asmaa Ahmed wrote:
> I am having kerberos MIT integrated to LDAP as a backend which is
> good so far.The problem that I have some applications doesn't support
> Kerberos to restore the user credentials.

Do they support authentication with LDAP? If so, you can configure your 
LDAP server to use SASL to check the user passwords against Kerberos. 
See this article: 
http://thomas.dereyck.eu/wiki/Setting%20up%20an%20LDAP%20server#Enabling_pass-through_authentication_to_Kerberos

> I wonder if I can decrypt
> the password from Kerberos server manually to have it in a plaintext,

As Chris said, that's a big security risk and completely defeats 
Kerberos' purpose. If the applications don't allow any external 
authentication, you might be able to find a plug-in that sits between 
the application and the DB that intercepts the auth requests and 
services them with SASL or Kerberos directly.

Sincerely,
Sean M. Pappalardo
Sr. Networks Engineer
Renegade Technologies
spappalardo at renegadetech.com
Office: (630) 631-6188
http://www.renegadetech.com



More information about the Kerberos mailing list