[15921] in Kerberos_V5_Development


Question about FAST

daemon@ATHENA.MIT.EDU (kristian)
Fri Jun 25 23:55:19 2010

Message-ID: <856681.18064.qm@web76002.mail.sg1.yahoo.com>
Date: Sat, 26 Jun 2010 11:55:14 +0800 (SGT)
From: kristian <x_astroboyz@yahoo.co.id>
To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit

There are some more questions I want to ask you about the Kerberos
protocol and FAST itself.

1. How can we prove the vulnerability of the Kerberos protocol without
FAST pre-authentication implemented? Yes, I know that by sniffing the
ticket exchanged between the KDC and the client (AS_REQ and AS_REP) we
can decrypt the ticket with the various passwords we try. Have you ever
tried to crack this ticket using a dictionary attack?

I try to do this with Wireshark to sniff the ticket and John the Ripper
to decrypt the ticket I got, but there is no way to get the result.

2. How is FAST really implemented in Kerberos? I mean, in what file or
in what section of script is FAST included in the installed Kerberos,
and how is it enabled?

I have installed Kerberos V5 on the FreeBSD operating system and
implemented mod_auth_kerb for the HTTP service successfully. I want to
see where FAST pre-authentication is implemented exactly and how much
its effect is for Kerberos system security.

In the packets I sniffed with Wireshark, I see pa-data (but only types
11 and 19, and when preauth-required is added in a principal mode, I get
padata type 2), but not FAST pa-data. How can I get FAST enabled in
Kerberos? I used krb5.1.8.2 in my system.




Thank you very much for your help and answer.



_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

