TGS-REP TICKET decrypting problem

Wang Weijun weijun.wang at oracle.com
Tue May 20 05:55:28 EDT 2014


The KDC is using the secret key of the computer itself, which is not the same as any of those user accounts. Assuming your KDC is a Windows Server, you will see "Users and Computers" in the Active Directory Domain Services manager, which means each user and computer is a different principal.

--Max


On May 20, 2014, at 17:09, somenath saha <saha.somenath.88 at gmail.com> wrote:

> Hi,
> 
>      I need some information regarding ticket creation in the KDC.
> 
>      Assume my PC’s host name is “SOMENATH-PC” & it has 3 user accounts.
> They are:
> 
>        USER NAME        PASSWORD
> i)     Administrator    administrator
> ii)    Somenath         somenath
> iii)   Guest            guest
> 
> Now in the TGS_REQ message I send “cifs/SOMENATH-PC.xyz.com” as the server
> name (Service & Host) in KDC_REQ_BODY. After receiving the TGS_REQ message,
> the KDC prepares a ticket which is encrypted using the server’s secret key,
> i.e. SOMENATH-PC’s secret key.
> 
> Now my question is: in order to encrypt the enc-part of the ticket, what
> credentials are used by the KDC, as “SOMENATH-PC” has three user accounts,
> which are mentioned above? Please provide me some information regarding my
> question.
> 
> Regards,
> 
> Somenath
> 
> 
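A toy model of the point made in the reply, added here as an example; it is not code from the thread or from any Kerberos implementation. It resolves the requested server name to the account that owns it and seals the ticket's enc-part with that account's key only. The realm `XYZ.COM`, the machine secret, the service-name registration, and the PBKDF2/HMAC stand-ins for real enctypes are all assumptions.

```python
import hashlib, hmac, os
REALM = "XYZ.COM"  # assumed realm for the xyz.com names in the thread

def string_to_key(secret, salt):
    # Stand-in for an enctype's string-to-key (plain PBKDF2, not a real Kerberos enctype).
    return hashlib.pbkdf2_hmac("sha1", secret.encode(), salt.encode(), 4096, 32)

# Constructed database: users and the computer are separate principals; machine secret is made up.
ACCOUNTS = {
    "Administrator": {"secret": "administrator", "spns": []},
    "Somenath": {"secret": "somenath", "spns": []},
    "Guest": {"secret": "guest", "spns": []},
    "SOMENATH-PC$": {"secret": "constructed-machine-secret",
                     "spns": ["host/somenath-pc.xyz.com", "cifs/somenath-pc.xyz.com"]},
}

def account_key(name):
    return string_to_key(ACCOUNTS[name]["secret"], REALM + name)

def owner_of(sname):
    # Resolve the requested server name to the one account that registered it.
    matches = [n for n, a in ACCOUNTS.items() if sname.lower() in a["spns"]]
    if len(matches) != 1:
        raise LookupError("unknown or ambiguous service principal: " + sname)
    return matches[0]

def _xor_stream(key, nonce, data):
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    # Toy encrypt-then-MAC standing in for the ticket's EncryptedData.
    nonce = os.urandom(16)
    body = nonce + _xor_stream(key, nonce, data)
    return body + hmac.new(key, b"mac" + body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + body, hashlib.sha256).digest()):
        return None  # wrong key: the integrity check fails
    return _xor_stream(key, body[:16], body[16:])

def issue_ticket(client, sname):
    # TGS side: the enc-part is sealed with the key of the account that owns sname.
    enc_part = seal(account_key(owner_of(sname)), ("client=" + client).encode())
    return {"sname": sname, "enc-part": enc_part}

def who_can_decrypt(ticket):
    return [n for n in ACCOUNTS if unseal(account_key(n), ticket["enc-part"]) is not None]
```
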



