TGS-REP TICKET decrypting problem

somenath saha saha.somenath.88 at gmail.com
Tue Jun 10 03:17:17 EDT 2014 

thanks Wang. but it did not help me as ktexport doesn't work. please
provide me some other solution. i'm stuck yet.

regards,
somenath


On Tue, Jun 10, 2014 at 10:15 AM, Wang Weijun <weijun.wang at oracle.com>
wrote:

> Windows hides the keys in a "protected storage". After some googling, I
> find a page showing how to reset or extract those keys. Hope it helps (I
> haven't tried it).
>
>   http://wiki.wireshark.org/Kerberos
>
> --max
>
> On Jun 10, 2014, at 12:12, somenath saha <saha.somenath.88 at gmail.com>
> wrote:
>
> > Hi,
> >
> > you told me that KDC is using secret key of the computer itself to
> encrypt
> > the ticket. How do we find this secret key in-order to decrypt the
> ticket?
> > please provide some details about that how to find out the machine secret
> > key.  its urgent. I became stuck in this point for some week.
> >
> > regards,
> > somenath
> >
> >
> >>
> >>
> >>
> >> On Tue, May 20, 2014 at 4:17 PM, somenath saha <
> saha.somenath.88 at gmail.com
> >>> wrote:
> >>
> >>>
> >>>
> >>> ---------- Forwarded message ----------
> >>> From: Wang Weijun <weijun.wang at oracle.com>
> >>> Date: Tue, May 20, 2014 at 3:25 PM
> >>> Subject: Re: TGS-REP TICKET decrypting problem
> >>> To: somenath saha <saha.somenath.88 at gmail.com>
> >>> Cc: "krbdev at mit.edu" <krbdev at mit.edu>
> >>>
> >>>
> >>> The KDC is using the secret key of the computer itself, which is not
> the
> >>> same as any of those user accounts. Assuming your KDC is a Windows
> Server,
> >>> you will see "Users and Computers" in the Active Directory Domain
> Services
> >>> manager, which means each user and computer is a different principal.
> >>>
> >>> --Max
> >>>
> >>>
> >>> On May 20, 2014, at 17:09, somenath saha <saha.somenath.88 at gmail.com>
> >>> wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>>     I need some information regarding the ticket creation in KDC.
> >>>>
> >>>>     Assume my pc’s host name is “SOMENATH-PC” & it has 3 user
> accounts.
> >>>> They are:
> >>>>
> >>>>
> >>>>
> >>>>                       *USER NAME                        PASSWORD*
> >>>>
> >>>> i)             Administrator                        administrator
> >>>>
> >>>> ii)            Somenath                             somenath
> >>>>
> >>>> iii)           Guest                                     guest
> >>>>
> >>>>
> >>>>
> >>>> Now in TGS_REQ message I send “*cifs/SOMENATH-PC.xyz.com
> >>>> <http://somenath-pc.xyz.com/>” *as server name (Service & Host) in
> >>>> KDC_REQ_BODY. After receiving TGS_REQ message KDC prepare a ticket
> >>> which is
> >>>> encrypted by using server’s secret key i.e. SOMENATH-PC’s secret key.
> >>>>
> >>>>
> >>>>
> >>>> Now my question is that in order to encrypt the enc-part of the ticket
> >>> what
> >>>> credential’s is used by KDC as *“SOMENATH-PC”* has three user accounts
> >>>> which is mentioned above. Please provide me some information regarding
> >>> my
> >>>> question.
> >>>>
> >>>>
> >>>>
> >>>> Regards,
> >>>>
> >>>> Somenath
> >>>>
> >>>>
> >>>> On Thu, May 15, 2014 at 12:56 PM, somenath saha
> >>>> <saha.somenath.88 at gmail.com>wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>>     I need some information regarding the ticket creation in KDC.
> >>>>>
> >>>>>     Assume my pc’s host name is “SOMENATH-PC” & it has 3 user
> >>> accounts.
> >>>>> They are:
> >>>>>
> >>>>>
> >>>>>
> >>>>>                       *USER NAME                        PASSWORD *
> >>>>>
> >>>>> i)             Administrator                        administrator
> >>>>>
> >>>>> ii)            Somenath                             somenath
> >>>>>
> >>>>> iii)           Guest                                     guest
> >>>>>
> >>>>>
> >>>>>
> >>>>> Now in TGS_REQ message I send “*cifs/SOMENATH-PC.xyz.com
> >>>>> <http://SOMENATH-PC.xyz.com>” *as server name (Service & Host) in
> >>>>> KDC_REQ_BODY. After receiving TGS_REQ message KDC prepare a ticket
> >>> which is
> >>>>> encrypted by using server’s secret key i.e. SOMENATH-PC’s secret key.
> >>>>>
> >>>>>
> >>>>>
> >>>>> Now my question is that in order to encrypt the enc-part of the
> ticket
> >>>>> what credential’s is used by KDC as *“SOMENATH-PC”* has three user
> >>>>> accounts which is mentioned above. Please provide me some information
> >>>>> regarding my question.
> >>>>>
> >>>>>
> >>>>>
> >>>>> Regards,
> >>>>>
> >>>>> Somenath
> >>>>>
> >>>> _______________________________________________
> >>>> krbdev mailing list             krbdev at mit.edu
> >>>> https://mailman.mit.edu/mailman/listinfo/krbdev
> >>>
> >>>
> >>>
> >>>
> >>
> > _______________________________________________
> > krbdev mailing list             krbdev at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/krbdev
>
>

More information about the krbdev mailing list