Kerberos Debugging Tips

I worked on adding Kerberos support for Apache Rampart and WSS4J during last few weeks and interop testing with WCF.

Following lists some useful debugging tips I came across..

1. How to list all the Kerberos tickets issued to the logged in client principal in Windows

c:\Program Files (x86)\Resource Kit>klist

Current LogonId is 0:0x29a6f

Cached Tickets: (2)

#0>     Client: administrator @ WSO2.COM
       Server: krbtgt/WSO2.COM @ WSO2.COM
       KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
       Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent
       Start Time: 11/25/2010 13:19:58 (local)
       End Time:   11/25/2010 23:19:58 (local)
       Renew Time: 12/2/2010 13:19:58 (local)
       Session Key Type: AES-256-CTS-HMAC-SHA1-96

#1>     Client: administrator @ WSO2.COM
       Server: service/myserver @ WSO2.COM
       KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
       Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_delegate
       Start Time: 11/25/2010 13:19:58 (local)
       End Time:   11/25/2010 23:19:58 (local)
       Renew Time: 12/2/2010 13:19:58 (local)
       Session Key Type: RSADSI RC4-HMAC(NT)

2. How to remove cached Kerberos tickets in Windows

c:\Program Files (x86)\Resource Kit>klist purge

Current LogonId is 0:0x29a6f
       Deleting all tickets:
       Ticket(s) purged!

Read more: F A C I L E L O G I N

Posted via email from Jasper-net