Ticket Granting Ticket forge

Ken Raeburn raeburn at MIT.EDU
Fri Oct 2 07:23:33 EDT 2009

On Oct 2, 2009, at 04:57, Remi Ferrand wrote:
> I'm working with MIT Kerberos5 1.6.3
> I would like to be able to refresh an existing TGT on my local  
> machine, without using the KDC.
> My first idea was to decrypt the TGT, modifying its informations  
> (start time, end time, renewable time) and encrypt it again.
> Is it possible ?
> Which key of the KDC do I need to do this little hack ? (the Master  
> Key K/M at REALM ?)

You would need the key for the krbtgt/YOUR.REALM at YOUR.REALM principal  
in order to do this.  In fact, with that key, you can forge a TGT for  
any client principal at all, without needing an existing TGT, so if  
anyone else gets their hands on it, your realm's security is  
compromised.  So unless your local machine is secure enough that you  
could run a KDC on it, this would be a really bad idea.  And even  
then, running a KDC as root is probably a better idea than leaving the  
TGS key sitting around accessible under your regular account.


More information about the krbdev mailing list