ktexport - Export Kerberos Keys from Active Directory
Michael B Allen
mba2000 at ioplex.com
Wed May 3 17:01:03 GMT 2006
On Wed, 03 May 2006 07:14:31 +0200
Andrew Bartlett <abartlet at samba.org> wrote:
> On Tue, 2006-05-02 at 21:27 -0400, Michael B Allen wrote:
> > I have modified pwdump2 [1] to export a "standard" kerberos keytab
> > file. This utility is called ktexport and you can download it here:
> >
> > http://www.ioplex.com/utilities/
> >
> > README.ktexport is inlined below but I just want to stress that currently
> > the key is the only data within each entry that is actually correct. The
> > vno and so on are default values that are almost certainly wrong. However,
> > it turns out that Ethereal doesn't care. So the generated sam.keytab
> > can be used with Ethereal to decrypt Kerberos tickets. Yeah!
>
> The other similar utility is samba4's 'net samdump keytab'. This does
> the same thing, for the same purpose, but remotely. You must join the
> domain as a BDC first (net join bdc <domain>).
Actually one glaring deficiency in ktexport is that, aside from the keys,
the data is wrong. It would be nice if I could extract the correct SPN
and kvno. Would you happen to know the info levels and corresponding
calls to retrieve that info?
Mike
More information about the samba-technical
mailing list