man in the middle on MIT kerberos
Sam Hartman
hartmans at MIT.EDU
Fri Feb 27 14:07:56 EST 2009
>>>>> "Nikhil" == Nikhil Mishra <nikhilm at gs-lab.com> writes:
Nikhil> Hi All , I have been trying to do this for a long time but
Nikhil> to no rescue and so I will put it simply now.
Nikhil> Is it possible to create a man in the middle in a kerberos
Nikhil> environment , If I own admin privileges in all components
Nikhil> of the traffic i.e ( windows KDC , windows based
Nikhil> application , windows based client ) ?
Yes.
I think what you want to do is figure out how to extract (or set
yourselfL) the password for the windows service in AD and then use
ktutil to construct the keytab. ktpass seems to hurt people more than
it helps.
I don't know enough about AD internals to know how you should extract
the password. I'll also note that you need to be aware of the concern
that Jeff Altman raised: the password will periodically be updated and
you'll have to deal with that.
--Sam
More information about the krbdev
mailing list