Paul Vixie <[EMAIL PROTECTED]> writes: > is there a "crack" module for kerberos? after reading the stanford > paper about how kerberos tickets could be attacked offline, i've been > wanting to actually try this -- no sniffing is required -- against my > own kerberos db to look for easy to guess passwords.
Note that the findings of that paper only apply if you use Kerberos v4 or don't have preauth turned on. If you're using Kerberos v5 with preauth turned on for all users, you cannot launch that style of off-line attack. You can still use the same technique to launch an on-line attack, however. I know that Jack the Ripper has code available to work against an AFS kaserver database, but I don't know about Kerberos v5. We link cracklib along with additional fascist rules into our kadmind and basically try to "pre-crack" passwords whenever anyone changes them. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
