Xavier,
the "forge" code that Remi tried to get working is capable of decrypting an
AFS token both for K4 and K5, however it can only re-encrypt a K4 one, not K5.
When he asked me for advice I suggested to drop that code and rather use
Heimdal's kadmin extract to temporarily extract a keytab
Jeffrey Altman a écrit :
Can you please explain what it is that you are attempting
to accomplish?
Our home made batch system used to save and forge kas tickets. No
Kerberos 5, not very secure, easiest. Moreover, it was just navigating
through bit fields to forge a ticket. No AFS primitive imp
Remi:
Can you please explain what it is that you are attempting
to accomplish?
An AFS token can created in a number of methods. Not all of which
are Kerberos v5. tkt_DecodeTicket5() can only be used when the
kvno of the AFS token is RXKAD_TKT_TYPE_KERBEROS_V5 or
RXKAD_TKT_TYPE_KERBEROS_V5_ENCPA
Hi,
I'm trying to find a way to decrypt efficiently an AFS Token created
with "kinit + aklog" in order to access the encrypted data.
Every attempt I made to use the tkt_DecodeTicket5 function was
unsuccessful (this function is supposed to exist for this purpose, isn't
it ?)
My last (and ultimate