Question about FAST
kristian
x_astroboyz at yahoo.co.id
Fri Jun 25 23:55:14 EDT 2010
There are some more questions I want to ask you about the Kerberos
protocol and FAST itself.

1. How can we prove the vulnerability of the Kerberos protocol without
FAST pre-authentication implemented? Yes, I know that by sniffing the
ticket exchanged between the KDC and client (AS_REQ and AS_REP) we can
decrypt the ticket with various passwords we try. Have you ever tried to
crack this ticket using a dictionary attack? I tried to do this with
Wireshark to sniff the ticket and John the Ripper to decrypt the ticket
I got, but there is no way to get the result.

2. How is FAST really implemented in Kerberos? I mean, in which file or
section of script is FAST included in the Kerberos I have installed, and
how is it enabled? I have installed Kerberos V5 on the FreeBSD operating
system and implemented mod_auth_kerb for the HTTP service successfully.
I want to see where FAST pre-authentication is implemented exactly and
how much effect it has on Kerberos system security.

In the packets I sniffed with Wireshark, I see pa-data (but only types
11 and 19, and when preauth-required is added in a principal mode, I get
padata type 2), but not FAST pa-data. How can I get FAST enabled in
Kerberos? I used krb5.1.8.2 in my system.

Thank you very much for your help and answer.