man in the middle on MIT kerberos
Douglas E. Engert
deengert at anl.gov
Fri Feb 27 15:35:22 EST 2009
Nikhil Mishra wrote:
> Hi All,
>
> I have been trying to do this for a long time but to no rescue
> and so I will put it simply now.
>
> Is it possible to create a man in the middle in a kerberos environment, if
> I own admin privileges in all components of the traffic, i.e. (windows
> KDC, windows based application, windows based client)?
>
> I have a linux box which I want to behave as man in the middle, so
> basically I want to be able to decrypt AP-REQ from client.
You might want to start here for W2K:
http://support.microsoft.com/kb/260575
and for W2003:
http://support.microsoft.com/kb/325850
It lets the admin reset the machine password and the password in AD.
It looks like you can specify the password, which you could then use with
kt_util or maybe ktpass to create a keytab.
>
> I have tried all kinds of ways but everything boils down to one thing,
> that is getting an authentic keytab from windows KDC for the application.
> There isn't one utility which does this for a windows based service, at
> least all I know of, including ktpass.
>
> Is this possible or have I been chasing a wild goose?
>
>
> Regards
>
> Nikhil
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444