Kerberos enhancement in wireshark. Decryption of CFX RFC4121

ronnie sahlberg ronniesahlberg at
Sun Oct 5 00:37:58 GMT 2008


Starting at SVN 26350  Wireshark can, if keytabs are provided, now
decrypt RFC4121 (CFX) blobs.
I have tested this with LDAP protected with AES encryption with
successful results but it should work with any
encryption type that the linked kerberos (mit or heimdal) library supports.

Linux/Unix users needs to rebuild from current SVN to get this functionality.
Windows users can in a few hours download an automated build (svn
26350 or later) from the usual place on the wireshark site.

Many thanks to Andrew B for help debugging/troubleshooting the code.
Maybe Andrew B can donate a sample capture and keytab file to the
wireshark wiki   for those that do not have access to CFX traces but
still want to see what this new GSS layer looks like?

AndrewB said something about some "unusualness" regarding (from
memory) the ec field affecting the rotation count on some
Do you have any details about this?
The decryption of CFX Wrap is in packet-spnego.c.

It is my hope that decryption of RFC4121 blobs will be useful for the community.

best regards
ronnie sahlberg

More information about the samba-technical mailing list