[39395] in Kerberos
Re: query about a possible "KRB5KEYLOGFILE" feature, to log session
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Mar 19 10:29:16 2024
Message-ID: <030e8e32-f590-4da2-a54b-0a358aea4109@mit.edu>
Date: Tue, 19 Mar 2024 10:27:51 -0400
MIME-Version: 1.0
Content-Language: en-US
To: "Richard E. Silverman" <res@qoxp.net>, MIT Kerberos <kerberos@mit.edu>
From: "Greg Hudson" <ghudson@mit.edu>
In-Reply-To: <08dd4568-38a3-0137-35c7-4ea43647dad6@qoxp.net>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 3/17/24 23:33, Richard E. Silverman wrote:
> I have a patch to libkrb5 which implements a feature similar to the
> SSLKEYLOGFILE environment variable that’s now in pretty wide use for
> TLS: it logs session keys to a keytab named by KRB5KEYLOGFILE. The main
> use for this, just as with the TLS version, is to decrypt packet
> captures with Wireshark; the latter’s KRB5 dissector takes a keytab as
> input.
I think that would be a reasonable feature to add.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
