Ethereal-dev: RE: [Ethereal-dev] telnet/authentication Kerberos stuff

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Eric Wedel <ewedel@xxxxxxxxxxx>
Date: Mon, 2 Feb 2004 13:15:10 -0800
Hi Ronnie..

You can find the MIT keytab format documented in the MIT kerberos
source code, the file format is reasonably simple.
I've got a slightly old tree, hopefully it hasn't moved:
  src/lib/krb5/keytab/file/ktf_util.c
The header comment gives you the general flavor of the format,
but is not exactly correct.  Code's fairly short though.  :-)

Haven't looked at how ethereal deals with kerberos, is it just
linking against MIT kerberos?

regards, Eric

-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx
[mailto:ethereal-dev-bounces@xxxxxxxxxxxx]On Behalf Of Ronnie Sahlberg
Sent: Monday, February 02, 2004 3:39 AM
To: ethereal-dev@xxxxxxxxxxxx
Subject: [Ethereal-dev] telnet/authentication Kerberos stuff


hi list

I just checked in a tiny patch for telnet to dissect some authentication
options for (kerberized) telnet.
Currently only SEND and NAME suboptions are dissected but soon also,
hopefully, the REPLY suboptions containing kerberos tickets.

Please test.

The attached capture contains a kerberized telnet session to authenticate and
login.
Attached is also the keytab file containing both the host/curie keytab entry
for the server and also a few user principals (all user principals are
joe-accounts => password==account-name).
No fear, the kerberos realm where these captures/keytabs were taken from was
a completely private network built from scratch to generate this capture and
this keytab and nothing else. It was never attached to a real network.
All systems have been scrubbed and their storage destroyed since.

The non-decrypted parts of the telnet options contain kerberos tickets and
stuff, something we can use to test any keytab-driven
open ticket and extract the session key.


It would be very useful to continue this work and the other kerberos work
done to allow parsing of keytab files and opening of tickets to extract the
session keys to make it easier to reverse engineer various modern protocols.

Anyone with knowledge on how MIT kerberos keytab files are structured is
more than welcome to email me. For our purposes we could get by with a very
simple non-threaded/non-recursive parsing of these files
and we don't need the complexity to link with any kerberos libs.

best regards ronnie s.


