kerberos decryption in wireshark enhancement

Michael B Allen ioplex at
Mon Oct 6 06:21:10 GMT 2008

On Mon, Oct 6, 2008 at 1:29 AM, ronnie sahlberg
<ronniesahlberg at> wrote:
> Hi Michael,
> Thanks.
> I have also recently checked in initial support to decrypt CFX blobs
> and it seems to work reasonably well.
> I also tried your ktexport.exe recently but it would no longer produce
> any keytabs:-(
> Do you have a more uptodate version of ktexport.exe that works?

Yeah, last time I tried it it didn't work. It just hangs. It suspect
it just needs to be updated to use the latest pwdump MO.

Feel free to take it and run with it as you like.


> Maybe ktexport could be enhanced to export a keytab that also contain
> some of the other popular enctypes (enctype 18?) in addition to
> arcfour?
> ronnie s
> On Sat, Oct 4, 2008 at 3:34 AM, Michael B Allen <ioplex at> wrote:
>> On Fri, Oct 3, 2008 at 12:16 PM, ronnie sahlberg
>> <ronniesahlberg at> wrote:
>>> List,
>>> Current SVN of Wireshark has been enhanced in the methods available to
>>> specify the keytab file.
>>> In addition to specify one single file to read from the KRB5
>>> preferences you can now also use -K <keytab> on the command line to
>>> specify additional keytab file(s) to read/use.
>>> If you need to load multiple keytab files you can do this by
>>> specifying -K multiple times on the command line.
>>> This makes decryption of KRB and GSS much more convenient to use since
>>> it avoids all the juggling back and forth between which file to
>>> specify in the preferences.
>> Nice work Ronnie. I've used Krb5 decryption feature many times and I'm
>> glad to know about this change.
>> Thanks,
>> Mike
>> --
>> Michael B Allen
>> PHP Active Directory SPNEGO SSO

Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the samba-technical mailing list