TGS-REP TICKET decrypting problem
Wang Weijun
weijun.wang at oracle.com
Fri Jun 13 01:40:46 EDT 2014
The service ticket is meant to be read by the service. The client should not be able to decrypt it.
--Max
On Jun 13, 2014, at 13:11, somenath saha <saha.somenath.88 at gmail.com> wrote:
> hi wang,
>
> yes i can create keytab file and grab the necessary key from there. but it is not my intention. i don't want to take any help from KDC as i want to write separate code for client. why should client take the key from KDC. client have to prepare it and must decrypt the ticket..
>
>
> On Fri, Jun 13, 2014 at 10:36 AM, Wang Weijun <weijun.wang at oracle.com> wrote:
> Didn't you already created a keytab file using esedbexport and dskeytab.py? Inside it there is one key that should decrypt the service ticket.
>
> --Max
>
> On Jun 13, 2014, at 13:00, somenath saha <saha.somenath.88 at gmail.com> wrote:
>
> > hi danilo and other
> >
> > I forgot to mention something about my setup. I am running an Active Directory domain on a Windows Server 2012 machine with two Windows (windows server 2012) clients joined to the domain. In windows server 2012 i create a user "krbtest" and password of this user is "Krbtest2012". now i prepare a key using the user credential i.e username "krbtest " , its password and corresponding domain and enctype. Using this key i can decrypt the AS_REP message. but i can't decrypt the TGS_REP ticket using that key. please help me out and inform me if you need any other details..
> >
> >
> > On Thu, Jun 12, 2014 at 11:59 AM, somenath saha <saha.somenath.88 at gmail.com> wrote:
> > Danilo,
> >
>
>
More information about the krbdev
mailing list