Question about FAST

kristian x_astroboyz at
Fri Jun 25 23:55:14 EDT 2010

There are some more questions I want to ask you about Kerberos protocol 
and FAST itself.

1. How can we prove the vulnaribility of 
Kerberos protocol without FAST pre-authentication implemented ?  Yes, I 
know that by sniffing the ticket exchanged between KDC and client 
(AS_REQ and AS_REP) we can decrypt the ticket with various password we 
try. Have you ever tried to crack this ticket using dictionary attck ?

I try to do this with wireshark to sniff the ticket and john the ripper 
to decrypt the ticket I got, but there is no way to get the result.

 How is FAST implemented in Kerberos really ? I mean, in what file or 
what section script of FAST included in Kerberos has installed and how is it enabled?

I have installed Kerberos V5 in FreeBSD operating system and implemented
 mod_auth_kerb for HTTP service successfully. I want to see where FAST 
pre-authentication is implemented exactly and how much it's effect for 
Kerberos system security.
packets I sniffed with wireshark, I see pa-data (but only type 11 and
19 end when preauth-required added in a principal mode, I get padata
type 2), but not FAST pa-data. How can I get FAST enabled in Kerberos ?
I used krb5.1.8.2 in my system. 

Thank you very much for your help and answer.

More information about the krbdev mailing list