TGS-REP TICKET decrypting problem

Zheng, Kai kai.zheng at intel.com
Tue Jun 10 04:45:19 EDT 2014


Somenath,

I might misunderstand what you want to do. Is it in the Windows application layer that you send a TGS-REQ? If so, you're sure to know which service/server principal to use since you need to specify it, and thus you may also know and be able to access the srvtab or keytab for the service, as such is a deployment step. But if you mean it for a Windows system built-in account, then I think Weijun is right and the credential/key for the system account is hidden from the application layer. I don't know how to access it either. But would you make sure that is your intention? Thanks.

Kai

-----Original Message-----
From: Zheng, Kai 
Sent: Tuesday, June 10, 2014 3:34 PM
To: somenath saha; Wang Weijun; krbdev at mit.edu
Subject: RE: TGS-REP TICKET decrypting problem

Hi Somenath,

When you send a TGS_REQ with a TGT to request a service ticket for a service/server, you must specify the service/server principal in the TGS_REQ. The KDC will query the backend for the encryption key of the specified service principal and use that encryption key to encrypt the enc-part of the issued service ticket.

Hope this helps.

Kai
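
The key selection described above, modelled as an added example (not part of the original thread, and not MIT krb5 or Windows code): the KDC picks the ticket key from the sname in the TGS_REQ, so only the account that owns that service principal can open the enc-part. The `SOMENATH-PC$` computer-account name, the SPN table, the random keys and the HMAC-based cipher standing in for a real Kerberos enctype are assumptions for illustration.

```python
import hashlib, hmac, json, os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Toy cipher (assumption): HMAC-SHA256 in counter mode, NOT a Kerberos enctype.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce, ks = os.urandom(16), None
    ks = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("integrity check failed: not this principal's key")
    return bytes(a ^ b for a, b in zip(ct, _stream(_subkey(key, b"enc"), nonce, len(ct))))

# Constructed KDC database: three user accounts plus the computer account
# (hypothetical name SOMENATH-PC$) that owns the cifs/ service principal.
ACCOUNTS = {name: os.urandom(32)
            for name in ("Administrator", "Somenath", "Guest", "SOMENATH-PC$")}
SPN_OWNER = {"cifs/somenath-pc.xyz.com": "SOMENATH-PC$"}

def issue_ticket(sname, client):
    """KDC side: the key is looked up by the requested sname, never by the client."""
    owner = SPN_OWNER.get(sname.lower())
    if owner is None:
        raise LookupError("KDC_ERR_S_PRINCIPAL_UNKNOWN")
    inner = json.dumps({"cname": client, "session_key": os.urandom(32).hex()})
    return {"sname": sname, "enc_part": seal(ACCOUNTS[owner], inner.encode())}

def open_ticket(ticket, long_term_key):
    """Service side: succeeds only with the service principal's long-term key."""
    return json.loads(unseal(long_term_key, ticket["enc_part"]))

def who_can_decrypt(ticket):
    """Try every account key; return the names whose key opens the enc-part."""
    names = []
    for name, key in ACCOUNTS.items():
        try:
            open_ticket(ticket, key)
            names.append(name)
        except ValueError:
            pass
    return names
```
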

-----Original Message-----
From: krbdev-bounces at mit.edu [mailto:krbdev-bounces at mit.edu] On Behalf Of somenath saha
Sent: Tuesday, June 10, 2014 3:17 PM
To: Wang Weijun; krbdev at mit.edu
Subject: Re: TGS-REP TICKET decrypting problem

Thanks Wang, but it did not help me as ktexport doesn't work. Please provide me some other solution. I'm still stuck.

regards,
somenath


On Tue, Jun 10, 2014 at 10:15 AM, Wang Weijun <weijun.wang at oracle.com> wrote:

> Windows hides the keys in a "protected storage". After some googling, 
> I find a page showing how to reset or extract those keys. Hope it 
> helps (I haven't tried it).
>
>   http://wiki.wireshark.org/Kerberos
>
> --max
>
> On Jun 10, 2014, at 12:12, somenath saha <saha.somenath.88 at gmail.com> wrote:
>
> > Hi,
> >
> > You told me that the KDC is using the secret key of the computer itself to
> > encrypt the ticket. How do we find this secret key in order to decrypt the
> > ticket? Please provide some details about how to find out the machine
> > secret key. It's urgent. I have been stuck at this point for some weeks.
> >
> > regards,
> > somenath
> >
> >> On Tue, May 20, 2014 at 4:17 PM, somenath saha <saha.somenath.88 at gmail.com> wrote:
> >>
> >>>
> >>>
> >>> ---------- Forwarded message ----------
> >>> From: Wang Weijun <weijun.wang at oracle.com>
> >>> Date: Tue, May 20, 2014 at 3:25 PM
> >>> Subject: Re: TGS-REP TICKET decrypting problem
> >>> To: somenath saha <saha.somenath.88 at gmail.com>
> >>> Cc: "krbdev at mit.edu" <krbdev at mit.edu>
> >>>
> >>>
> >>> The KDC is using the secret key of the computer itself, which is not the
> >>> same as any of those user accounts. Assuming your KDC is a Windows Server,
> >>> you will see "Users and Computers" in the Active Directory Domain Services
> >>> manager, which means each user and computer is a different principal.
> >>>
> >>> --Max
> >>>
> >>>
> >>> On May 20, 2014, at 17:09, somenath saha <saha.somenath.88 at gmail.com> wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>>     I need some information regarding the ticket creation in the KDC.
> >>>>
> >>>>     Assume my PC’s host name is “SOMENATH-PC” and it has 3 user accounts.
> >>>> They are:
> >>>>
> >>>>        USER NAME          PASSWORD
> >>>>   i)   Administrator      administrator
> >>>>   ii)  Somenath           somenath
> >>>>   iii) Guest              guest
> >>>>
> >>>> Now in the TGS_REQ message I send “cifs/SOMENATH-PC.xyz.com” as the server
> >>>> name (Service & Host) in KDC_REQ_BODY. After receiving the TGS_REQ message,
> >>>> the KDC prepares a ticket which is encrypted using the server’s secret
> >>>> key, i.e. SOMENATH-PC’s secret key.
> >>>>
> >>>> Now my question is: in order to encrypt the enc-part of the ticket, what
> >>>> credentials are used by the KDC, as “SOMENATH-PC” has three user accounts,
> >>>> which are mentioned above? Please provide me some information regarding
> >>>> my question.
> >>>>
> >>>> Regards,
> >>>>
> >>>> Somenath
> >>>>
> >>>>
> >>>> On Thu, May 15, 2014 at 12:56 PM, somenath saha <saha.somenath.88 at gmail.com> wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>>     I need some information regarding the ticket creation in the KDC.
> >>>>>
> >>>>>     Assume my PC’s host name is “SOMENATH-PC” and it has 3 user accounts.
> >>>>> They are:
> >>>>>
> >>>>>        USER NAME          PASSWORD
> >>>>>   i)   Administrator      administrator
> >>>>>   ii)  Somenath           somenath
> >>>>>   iii) Guest              guest
> >>>>>
> >>>>> Now in the TGS_REQ message I send “cifs/SOMENATH-PC.xyz.com” as the server
> >>>>> name (Service & Host) in KDC_REQ_BODY. After receiving the TGS_REQ message,
> >>>>> the KDC prepares a ticket which is encrypted using the server’s secret
> >>>>> key, i.e. SOMENATH-PC’s secret key.
> >>>>>
> >>>>> Now my question is: in order to encrypt the enc-part of the ticket, what
> >>>>> credentials are used by the KDC, as “SOMENATH-PC” has three user accounts,
> >>>>> which are mentioned above? Please provide me some information regarding
> >>>>> my question.
> >>>>>
> >>>>> Regards,
> >>>>>
> >>>>> Somenath
> >>>>>
> >>>> _______________________________________________
> >>>> krbdev mailing list             krbdev at mit.edu
> >>>> https://mailman.mit.edu/mailman/listinfo/krbdev