1

I'm looking for an example to decrypt Kerberos ticket and get the username using keytab file.
I came across the library kerb5, and the function krb5_server_decrypt_ticket_keytab() looks perfect for the job.

I saw a few examples (example 1, example 2) but they require parameters that I do not understand: ccache, type, etc.

I have 2 parameters: ticket(base64 encode) and keytab file, but even with the help of these examples I am not sure how to verify the ticket and get the username.

What is ccache is used for?

I would love an explanation of the various parameters and how the examples can be run.

ryyker
  • 22,849
  • 3
  • 43
  • 87
Rachel91
  • 59
  • 4
  • 1
    ccahce is the credentials cache, its where the users creds are stored – pm100 Jun 30 '22 at 18:12
  • also the server's cred cache. You need the servers creds to decrypt - in fact your program is the 'server' – pm100 Jun 30 '22 at 18:27
  • Even with the links and your explanations of what you are looking for, it would be much better for you to put together a small code attempt to see what works and what does not. Until that point, there is very little anyone can do or say to help that reading the documentation on this tech will not do better. If you do decide to attempt some code, and it does not work, then post the attempt here in the form of a [mcve] and point out what the specific problems are. – ryyker Jun 30 '22 at 19:15
  • 2
    You are wasting your time for low level stuff. Use a high level API like GSS-API or SSPI. – Michael-O Jul 01 '22 at 17:36
  • any progress with this? – desperado06 Oct 05 '22 at 12:35

0 Answers0