I have never tested it with DES, only with arcfour (which is not salted)
I suspect the problem might be that the salting is not done properly
in ethereal.
As a test:
Can you try changing your client/kdc to only use rc4-hmac and see if
that works?
On 8/17/05, Xiaoguang Liu <syslxg@xxxxxxxxx> wrote:
> Hi all,
>
> When I know ethereal 0.10.12 can decrypt kerberos data, I was so
> excitting. But after testing and research 20+ hours, I failed to work
> this feature out. Now I am wondering what on earth did I do wrong.
>
> Below is my last test, after creating keytab and capture kerberos
> traffic, I still can not see the decrypted kerbers info. Every things
> looks the same as I did not specify a keytab file. ( I did enable the
> "try to decrypt kerberos blob" option)
> I also attach the keytab and cap trace file. Please help me check what
> would be the problem.
>
> It will also be highly appricated if anyone can send me a sample of
> keytab and cap file, so that I can have a look at this cool feature.
>
> OS: Fedora core 4
> Ethereal: ethereal-0.10.12.SVN.15374-1.fc4.i386.rpm from
> http://www.ethereal.com/distribution/buildbot-builds/rpm/
>
> KDC: windows 2003 (IP 10.5.3.1)
> realm: DENYDC.COM
> princ:
> 1. u5@xxxxxxxxxx
> dump NT hash by dumpwd3e.exe, then create keytab file by ktutil on FC4
> ktutil:addent -key -p u5@xxxxxxxxxx -k 3 -e arcfour-hmac-md5
> 2. des@xxxxxxxxxx (
> create keytab file ktpass.exe on windows 2003
>
> file attached:
> 816.key, contains keys for u5 and des
> 816.cap, des and u5 login for a Windows XP
> 816fc4.cap, des and u5 login from FC4 by "kinit -k -t 816.key u5@xxxxxxxxxx"
>
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
>
>
>