man in the middle on MIT kerberos

Nikhil Mishra nikhilm at
Thu Feb 26 07:21:21 EST 2009

Hi All ,

I have been trying to do this for a long time but to no rescue
and so I will put it simply now.
Is it possible to create a man in the middle in a kerberos environment , If
I own admin privileges in all components of the traffic i.e ( windows
KDC , windows based application , windows based client ) ?

I have a linux box which I want to behave as man in the middle so
basically I want to be able to decrypt AP-REQ from client .

I have tried all kinds of ways but everything boils down to one thing
that is getting an authentic keytab from windows KDC for the application.
There isn't one utility which does this for a windows based service , at
all I know of including ktpass .

Is this possible or have I been chasing a wild goose ?



More information about the krbdev mailing list