[15921] in Kerberos_V5_Development
Question about FAST
daemon@ATHENA.MIT.EDU (kristian)
Fri Jun 25 23:55:19 2010
Message-ID: <856681.18064.qm@web76002.mail.sg1.yahoo.com>
Date: Sat, 26 Jun 2010 11:55:14 +0800 (SGT)
From: kristian <x_astroboyz@yahoo.co.id>
To: krbdev@mit.edu

There are some more questions I want to ask you about the Kerberos
protocol and FAST itself.

1. How can we prove the vulnerability of the Kerberos protocol without
FAST pre-authentication implemented? Yes, I know that by sniffing the
ticket exchanged between the KDC and client (AS_REQ and AS_REP) we can
decrypt the ticket with various passwords we try. Have you ever tried to
crack this ticket using a dictionary attack? I tried to do this with
Wireshark to sniff the ticket and John the Ripper to decrypt the ticket
I got, but there is no way to get the result.

2. How is FAST really implemented in Kerberos? I mean, in what file or
what section of the script is FAST included in the installed Kerberos,
and how is it enabled? I have installed Kerberos V5 on the FreeBSD
operating system and implemented mod_auth_kerb for the HTTP service
successfully. I want to see where FAST pre-authentication is implemented
exactly and how much its effect is on Kerberos system security.

In the packets I sniffed with Wireshark, I see pa-data (but only types 11
and 19, and when preauth-required is added in a principal mode, I get
padata type 2), but not FAST pa-data. How can I get FAST enabled in
Kerberos? I used krb5.1.8.2 in my system.

Thank you very much for your help and answer.