Ethereal-dev: RE: [Ethereal-dev] telnet/authentication Kerberos stuff

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Eric Wedel" <ewedel@xxxxxxxxxxx>
Date: Wed, 29 Sep 2004 12:02:53 -0700
Hi..

You don't mention the context, so this might not apply.

Microsoft uses the ticket "target"'s principal name as salt
in their ADS keys, of the form
  HOST/machine_name.dns.domain@KERBEROS.REALM
where machine_name.dns.domain is the host's fully-qualified DNS name
and KERBEROS.REALM is the realm it is a member of.  Capitalization
is significant.

The name form shown above is munged a bit to get the salt value:
the '/' and '@' delimiters are removed, and the final salt value
is the resulting string, not including its trailing '\0'.
I believe this munging step is standard kerberos.

After you use this salt & the password to make a keytab entry,
the entry should be usable as-is.

Hope this is of some help.

regards, Eric

-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx
[mailto:ethereal-dev-bounces@xxxxxxxxxxxx]On Behalf Of Amol Dixit
Sent: Wednesday, September 29, 2004 10:45 AM
To: ethereal-dev@xxxxxxxxxxxx
Subject: RE: [Ethereal-dev] telnet/authentication Kerberos stuff 


Hi,
I am trying to decrypt a Kerberos ticket embedded in an AP_REQ.

Since the password is known, we make the keytab entry using the password
and salt using krb5_string_to_key() & krb5_kt_add_entry().
However krb5_rd_req() fails in krb5_old_decrypt() at this point inspite of
reading the same keytable entry.

if (memcmp(cksum.data, cksumdata, cksum.length) != 0) {
	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
	goto cleanup;
    }

A similar question was asked before too - whether any manipulation needs
to be done on the 8 byte keytab entry contents before passing it to
k5_des_decrypt(). Can we use the key unmodified to pass to the decrypt
functions?
Does anyone have an insight on any manipulations needed (hints on salt
etc). ENCTYPE_DES_CBC_MD5 used.
Please let me know,
Thanks in advance,
Amol

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev


*********************************************************************
This e-mail and any attachment is confidential. It may only be read, copied and used by the intended recipient(s). If you are not the intended recipient(s), you may not copy, use, distribute, forward, store or disclose this e-mail or any attachment. If you are not the intended recipient(s) or have otherwise received this e-mail in error, you should destroy it and any attachment and notify the sender by reply e-mail or send a message to sysadmin@xxxxxxxxxxx
*********************************************************************