[36503] in Kerberos
Re: Kerberos5 ticket to ascii converter?
daemon@ATHENA.MIT.EDU (ronnie sahlberg)
Tue Sep 30 12:32:12 2014
MIME-Version: 1.0
In-Reply-To: <CA+j=ERqbtG4Zf-nv_TFhRh_Wuvgod3SHNHM84+kAoDPV=NOmCg@mail.gmail.com>
Date: Tue, 30 Sep 2014 09:32:00 -0700
Message-ID: <CAN05THSVbpUq72xRuzWaOFArqPgb8imbXy1fZQNXX2SPtGu5hQ@mail.gmail.com>
From: ronnie sahlberg <ronniesahlberg@gmail.com>
To: Wendy Lin <wendlin1974@gmail.com>
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Tue, Sep 30, 2014 at 9:17 AM, Wendy Lin <wendlin1974@gmail.com> wrote:
> On 30 September 2014 17:55, ronnie sahlberg <ronniesahlberg@gmail.com> wrote:
>> On Tue, Sep 30, 2014 at 8:25 AM, Wendy Lin <wendlin1974@gmail.com> wrote:
>>> On 30 September 2014 15:25, Rick van Rein <rick@openfortress.nl> wrote:
>>>> Hi,
>>>>
>>>>>>> Does Kerberos5 have a ticket to ascii converter so someone can see
>>>>>>> what a ticket looks like in plain text?
>>>>>>
>>>>>> You might use any ASN.1 parser to see the structure, without it actually being spelled out in terms of the Kerberos field names.
>>>>>
>>>>> Is the file format of the ticket cache in ASN.1?
>>>>
>>>> That would depend on its implementation.
>>>
>>> MIT kerberos 1.12, DIR: cache
>>>
>>>> You asked for tickets ;-) which are defined in ASN.1 in the RFCs. I think the WireShark suggestion is better than mine, but it won’t do what you are asking.
>>>
>>> Why?
>>
>> One reason is because most of the ticket are encrypted blobs. Without
>> decryption these blobs will just look like huge piles of random bytes,
>> so there is not really much interesting to see in the ticket.
>> If you want to look at the interesting parts of a ticket you really
>> want to decrypt these blobs.
>
> OK
>
> is there a C function in libkrb5 which takes a keytab and the data
> blob as parameter, and returns the decrypted data blob?
In wireshark I use krb5_c_decrypt(). It takes a key, not a keytab, so
you may need to iterate over all keys in the keytab.
See:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=asn1/kerberos/packet-kerberos-template.c;h=9eb82ab37f8d89ef57f691df656e063d8ad6c713;hb=HEAD#l400
(We iterate over all the keys in wireshark and try them one by one
because it was easier than tracking SPN->key mappings.)
>
> Wendy
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
