man in the middle on MIT kerberos

Douglas E. Engert deengert at
Fri Feb 27 15:35:22 EST 2009

Nikhil Mishra wrote:
> Hi All ,
> I have been trying to do this for a long time but to no rescue
> and so I will put it simply now.
> Is it possible to create a man in the middle in a kerberos environment , If
> I own admin privileges in all components of the traffic i.e ( windows
> KDC , windows based application , windows based client ) ?
> I have a linux box which I want to behave as man in the middle so
> basically I want to be able to decrypt AP-REQ from client .

You might want start here for W2K:
and for W2003:

It lets the admin reset the machine password and the password in AD.
It look like you can specify the password which you could then use with
kt_util or maybe ktpass to create a keytab.

> I have tried all kinds of ways but everything boils down to one thing
> that is getting an authentic keytab from windows KDC for the application.
> There isn't one utility which does this for a windows based service , at
> least
> all I know of including ktpass .
> Is this possible or have I been chasing a wild goose ?
> Regards
> Nikhil
> _______________________________________________
> krbdev mailing list             krbdev at


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list