Session keys from Active Directory (KDC)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Session keys from Active Directory (KDC)

I wish to intercept traffic from the client to a server and decrypt it.

The messages are encrypted (keys are setup via kerberos KR5).

To do the decryption, I would need the server's long term key (the long

term key that is stored in and maintained by the kerberos key
distribution center KDC).

On windows server operating systems, how can I get a server's (say file

server's) long term key from the KDC (domain controller)?  This is the
key that would have been generated when the file server joined the

Obviously I am assuming I have admin access to the domain controller...


Kerberos mailing list           [hidden email]