[31517] in Kerberos
Re: [OpenAFS-devel] Re: Hack Kerberos / AFS
daemon@ATHENA.MIT.EDU (Derrick Brashear)
Tue Sep 29 11:54:18 2009
MIME-Version: 1.0
In-Reply-To: <A3B6794F-B74C-45C9-AD0A-8ACDD04DF58A@sxw.org.uk>
Date: Tue, 29 Sep 2009 05:04:44 -0400
Message-ID: <db6e3f110909290204p7ef12728p98ea522d181de83a@mail.gmail.com>
From: Derrick Brashear <shadow@gmail.com>
To: "openafs-devel@openafs.org Devel" <openafs-devel@openafs.org>
Cc: Kerberos-Dev List <krbdev@mit.edu>, Kerberos List <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Tue, Sep 29, 2009 at 5:00 AM, Simon Wilkinson <simon@sxw.org.uk> wrote:
>
> On 29 Sep 2009, at 10:31, Remi Ferrand wrote:
>
>> Hye,
>>
>> I need help to create a little hack on Kerberos / AFS.
>
> You'd be much better off asking this question on the openafs-devel list, to
> which I've directed follows. This is definitely off-topic for krb-devel, and
> is actually not particularly Kerberos dependent at all.
>
>> My final aim is to forge Tokens (Ticket Granting Server for AFS (Andrew
>> File System)) without any passwords from the users (directly with the Master
>> Key).
>
> You don't need to use the Kerberos master key for this - you can forge AFS
> tokens using just the afs/<cell>@<REALM> key that's stored in your servers
> keyfiles. The daemon that lives behind gssklog already forges AFS tokens -
> that's probably a good location to look for code.
aklog includes such a thing based on heimdal kimpersonate
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
