man in the middle on MIT kerberos
Douglas E. Engert
deengert at anl.gov
Fri Feb 27 15:35:22 EST 2009
Nikhil Mishra wrote:
> Hi All ,
> I have been trying to do this for a long time but to no rescue
> and so I will put it simply now.
> Is it possible to create a man in the middle in a kerberos environment , If
> I own admin privileges in all components of the traffic i.e ( windows
> KDC , windows based application , windows based client ) ?
> I have a linux box which I want to behave as man in the middle so
> basically I want to be able to decrypt AP-REQ from client .
You might want start here for W2K:
and for W2003:
It lets the admin reset the machine password and the password in AD.
It look like you can specify the password which you could then use with
kt_util or maybe ktpass to create a keytab.
> I have tried all kinds of ways but everything boils down to one thing
> that is getting an authentic keytab from windows KDC for the application.
> There isn't one utility which does this for a windows based service , at
> all I know of including ktpass .
> Is this possible or have I been chasing a wild goose ?
> krbdev mailing list krbdev at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev