
Re: [patch] miscellaneous mechglue stuff

If you know the password you can generate it using :

If you don't know the password, which I assume you don't since it is a machine account, then I don't know. :-(

Note that ethereal does not even look at the SPNs when reading the keytab file, it just tries to use the (usually) very small number of secrets it finds in the keytab (or in key/subkey fields in decrypted blobs) one by one until it finds one that worked.

This means that at least for arcfour you don't have to worry about what SPNs are used, or generate all the required entries in the keytab, since these are not salted.

Maybe Luke's suggestion would work if you extract the hashes using pwdump2 and then insert them as arcfour keys manually in some other random keytab where the secret is  using vi?

On 5/1/06, Michael B Allen <mba2000@ioplex.com> wrote:
On Mon, 1 May 2006 11:59:48 +1000
Luke Howard <lukeh@PADL.COM> wrote:

> >Mmm, do we REALLY want it 0 or should be just mask off certain bits? I
> >recall reading about this but I confess I don't fully understand the
> >implications regarding how the flags are communicated in the authenticator
> >checksum. Will that break mutual?
> That's a good point, it probably will. Do MS clients do mutual when you
> send a non-GSSAPI checksum?
> We should probably set some default flags, at least:
> #define GSS_C_MUTUAL_FLAG 2
> #define GSS_C_REPLAY_FLAG 4
> #define GSS_C_CONF_FLAG 16
> #define GSS_C_INTEG_FLAG 32
> Thoughts?

I don't know. But bear in mind that Andrew is thinking the MD5 checksum
issue is specific to a limitation in Samba 3's smbclient. If that's true,
then the problem would be limited to SMB servers using stock Heimdal
gss_accept_sec_context which is to say it's not terribly important
right now.

Do you happen to know how to export a cifs/name.foo.net@FOO.NET aka
name$@foo.net service principal from a W2K3 DC such that it can be
imported into a keytab for Ethereal to use? Ktpass.exe doesn't export
those principals. Otherwise I don't have the setup to decrypt the
Authenticator and know for certain that MS clients are really using 8003.
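The keytab mechanics the reply describes (the decoder ignoring the SPN and simply trying each secret in turn, and arcfour keys being unsalted so the cifs/name.foo.net and name$ forms of the same machine account carry one and the same key) as an added Python example; this is not code from the thread, from Ethereal or from Heimdal. It builds a small version-0x0502 keytab in memory with two constructed entries for the principal names quoted in Michael's mail, parses it back, and shows that once the principal is set aside only one distinct secret remains. The key bytes are a constructed placeholder, not real key material, and the on-disk layout follows the MIT keytab format as I understand it (name_type field present, optional 32-bit kvno trailer).

```python
import struct

# MIT/Heimdal keytab file, format version 0x0502; all integers big-endian.
KEYTAB_MAGIC = b"\x05\x02"
ENCTYPE_NAMES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}

# Constructed placeholder key: NOT real key material, just 16 recognisable bytes.
SAMPLE_RC4_KEY = bytes(range(0x10, 0x20))

# Constructed entries: the cifs/ SPN and the name$ form of one machine account.
# arcfour keys are unsalted, so both entries legitimately hold the same secret.
SAMPLE_ENTRIES = [
    {"principal": "cifs/name.foo.net@FOO.NET", "enctype": 23, "kvno": 3, "key": SAMPLE_RC4_KEY},
    {"principal": "name$@FOO.NET", "enctype": 23, "kvno": 3, "key": SAMPLE_RC4_KEY},
]


def _octets(data):
    """counted_octet_string: uint16 length followed by the bytes."""
    return struct.pack(">H", len(data)) + data


def build_keytab(entries):
    """Serialise a list of {principal, enctype, kvno, key} dicts into keytab bytes."""
    out = bytearray(KEYTAB_MAGIC)
    for e in entries:
        name, realm = e["principal"].rsplit("@", 1)
        comps = name.split("/")
        body = struct.pack(">H", len(comps))            # v2: count excludes the realm
        body += _octets(realm.encode())
        for c in comps:
            body += _octets(c.encode())
        body += struct.pack(">IIB", 1, 0, e["kvno"] & 0xFF)  # name_type, timestamp, vno8
        body += struct.pack(">H", e["enctype"]) + _octets(e["key"])
        body += struct.pack(">I", e["kvno"])           # optional 32-bit vno trailer
        out += struct.pack(">i", len(body)) + body     # entry is prefixed by its size
    return bytes(out)


def _read_octets(data, pos):
    (n,) = struct.unpack_from(">H", data, pos)
    pos += 2
    return bytes(data[pos:pos + n]), pos + n


def parse_keytab(data):
    """Walk every entry in a v0x0502 keytab and return the decoded records."""
    if data[:2] != KEYTAB_MAGIC:
        raise ValueError("unsupported keytab version %r" % data[:2])
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:                 # negative size marks a deleted slot: skip it
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        pos += 2
        realm, pos = _read_octets(data, pos)
        comps = []
        for _ in range(ncomp):
            c, pos = _read_octets(data, pos)
            comps.append(c.decode())
        name_type, timestamp, kvno = struct.unpack_from(">IIB", data, pos)
        pos += 9
        (enctype,) = struct.unpack_from(">H", data, pos)
        pos += 2
        key, pos = _read_octets(data, pos)
        if end - pos >= 4:           # 32-bit vno present; it overrides the 8-bit field
            (vno32,) = struct.unpack_from(">I", data, pos)
            if vno32:
                kvno = vno32
        pos = end
        entries.append({
            "principal": "/".join(comps) + "@" + realm.decode(),
            "kvno": kvno,
            "enctype": enctype,
            "enctype_name": ENCTYPE_NAMES.get(enctype, str(enctype)),
            "key": key,
        })
    return entries


def candidate_keys(entries):
    """Distinct (enctype, key) pairs with the principal ignored: the list a
    decoder that tries each keytab secret in turn would actually iterate."""
    seen = []
    for e in entries:
        pair = (e["enctype"], e["key"])
        if pair not in seen:
            seen.append(pair)
    return seen


if __name__ == "__main__":
    parsed = parse_keytab(build_keytab(SAMPLE_ENTRIES))
    for e in parsed:
        print(e["principal"], e["enctype_name"], "kvno", e["kvno"], e["key"].hex())
    print("distinct secrets to try:", len(candidate_keys(parsed)))
```

`candidate_keys` is the part that matters for the point in the reply: two principal names, one enctype, one key, so a trial-decryption loop has exactly one secret to try, and a missing cifs/ entry costs nothing as long as the name$ entry is present. With a salted enctype (the aes variants in `ENCTYPE_NAMES`) the two entries would hold different keys and both would have to be in the file.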