Tuesday, February 15, 2011

Kerberos Debugging Tips

I worked on adding Kerberos support for Apache Rampart and WSS4J during the last few weeks, and on interop testing with WCF.
The following lists some useful debugging tips I came across.

1. How to list all the Kerberos tickets issued to the logged-in client principal in Windows

c:\Program Files (x86)\Resource Kit>klist
Current LogonId is 0:0x29a6f
Cached Tickets: (2)
#0>     Client: administrator @ WSO2.COM
       Server: krbtgt/WSO2.COM @ WSO2.COM
       KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
       Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent
       Start Time: 11/25/2010 13:19:58 (local)
       End Time:   11/25/2010 23:19:58 (local)
       Renew Time: 12/2/2010 13:19:58 (local)
       Session Key Type: AES-256-CTS-HMAC-SHA1-96

#1>     Client: administrator @ WSO2.COM
       Server: service/myserver @ WSO2.COM
       KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
       Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_delegate
       Start Time: 11/25/2010 13:19:58 (local)
       End Time:   11/25/2010 23:19:58 (local)
       Renew Time: 12/2/2010 13:19:58 (local)
       Session Key Type: RSADSI RC4-HMAC(NT)
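
When comparing klist output across machines during interop testing, it helps to decode the Ticket Flags value and spot RC4 or delegation-enabled service tickets automatically. The following Python is an added example, not part of the original post; the flag names follow the RFC 4120 bit layout written in klist's underscore style, and the sample text is constructed from the output shown above.

```python
import re

# Constructed sample in the shape of the klist output shown above.
SAMPLE = """\
#0>     Client: administrator @ WSO2.COM
       Server: krbtgt/WSO2.COM @ WSO2.COM
       KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
       Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent
#1>     Client: administrator @ WSO2.COM
       Server: service/myserver @ WSO2.COM
       KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
       Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_delegate
"""

# RFC 4120 TicketFlags: bit 0 is the most significant bit of the 32-bit value.
FLAG_BITS = {1: "forwardable", 2: "forwarded", 3: "proxiable", 4: "proxy",
             5: "may_postdate", 6: "postdated", 7: "invalid", 8: "renewable",
             9: "initial", 10: "pre_authent", 11: "hw_authent",
             12: "transited_policy_checked", 13: "ok_as_delegate"}

def decode_flags(value):
    return [n for b, n in sorted(FLAG_BITS.items()) if value & (0x80000000 >> b)]

def parse_klist(text):
    tickets = []
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"#\d+>", line):          # "#0>" starts a new ticket entry
            tickets.append({})
            line = line.split(">", 1)[1].strip()
        if not tickets:
            continue                          # header lines before the first ticket
        cur = tickets[-1]
        m = re.match(r"Ticket Flags\s+(0x[0-9a-fA-F]+)", line)
        if m:
            cur["flags"] = decode_flags(int(m.group(1), 16))
        elif ":" in line:
            key, val = line.split(":", 1)
            cur[key.strip()] = val.strip()
    return tickets

def review(tickets):
    # RC4-HMAC is a legacy etype; ok_as_delegate marks a delegation-trusted service.
    notes = []
    for t in tickets:
        if "RC4" in t.get("KerbTicket Encryption Type", ""):
            notes.append((t["Server"], "RC4-HMAC ticket encryption"))
        if "ok_as_delegate" in t.get("flags", []):
            notes.append((t["Server"], "service trusted for delegation"))
    return notes
```

Calling review(parse_klist(text)) on saved klist output returns (server, note) pairs for the tickets worth a second look.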

2. How to remove cached Kerberos tickets in Windows

c:\Program Files (x86)\Resource Kit>klist purge
Current LogonId is 0:0x29a6f
       Deleting all tickets:
       Ticket(s) purged!
