The documentation of MIT Kerberos explains here how the credential cache file is formatted. It basically consists of:

  • a header
  • information about the REALM and the user
  • a keyblock
  • information about the expiration of the ticket
  • authdata
  • the tickets themselves

I figured out the purpose of most of these components but still don't understand what the keyblock is for. It is some encrypted blob that is essential for authenticating with Kerberos. I've been digging through the documentation and a lot of other resources to find out about this but couldn't find a clear answer. It could be an encrypted timestamp to avoid replay attacks or maybe a checksum. But I don't know for sure.

Does anyone know what the purpose of this block is? And what kind of information it encodes?

arne.z

1 Answer

The keyblock is a block that holds a key! The abstract notation on the page you linked is good for telling you things like byte counts and binary structures, not so good for insight into why they are that way.

The file type credential cache consists of 3 parts:

  1. Header
  2. Default principal
  3. Sequence of credentials

What we are interested in here is the format of a credential. One of its members is the keyblock you want to know about. Let's take a look at another part of the documentation. Here we can see the structure that is being serialised to generate the ccache (bar a little bit of magic). We can see that the keyblock contains the "session encryption key info".

The keyblock is not an encrypted piece of data; it is the key that is used to encrypt data (the user's session key, that is). If you want to see what kind of information is encoded in it you can look at its members. It consists of 3 parts: what type of key it is, how long the key is, and the key material itself.

To find out more about this you should definitely take a look at the code. It seems like you are trying to reverse the ccache format; why reinvent the wheel? There is also some GNU documentation that I think you will find useful.

rlf
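The layout described in the answer, as an added example that is not part of either post or of MIT's code: a minimal Python reader that walks a file-format version 4 ccache (big-endian fields) up to the keyblock of the first credential and returns its key type and key material. The names `first_keyblock` and `SAMPLE` and all sample values are constructed for illustration.

```python
import io
import struct

def _data(f):
    """Length-prefixed field: 32-bit big-endian length, then that many bytes."""
    (n,) = struct.unpack(">I", f.read(4))
    return f.read(n)

def _principal(f):
    """Principal: name type, component count, realm, then the components."""
    _name_type, count = struct.unpack(">II", f.read(8))
    realm = _data(f)
    parts = [_data(f) for _ in range(count)]
    return (b"/".join(parts) + b"@" + realm).decode()

def first_keyblock(blob):
    """Return (client, server, enctype, key) for the first credential."""
    f = io.BytesIO(blob)
    if f.read(2) != b"\x05\x04":
        raise ValueError("only file format version 4 is handled here")
    (hdr_len,) = struct.unpack(">H", f.read(2))
    f.read(hdr_len)                 # skip the tagged header fields
    _principal(f)                   # default principal
    client = _principal(f)          # a credential starts with client, server
    server = _principal(f)
    (enctype,) = struct.unpack(">H", f.read(2))   # keyblock: type of key
    key = _data(f)                  # keyblock: key length + key material
    return client, server, enctype, key

# Helpers used only to build the constructed sample below.
def _enc(b):
    return struct.pack(">I", len(b)) + b
def _princ(realm, *parts):
    return struct.pack(">II", 1, len(parts)) + _enc(realm) + b"".join(map(_enc, parts))

SAMPLE = (                                         # constructed, not a real cache
    b"\x05\x04" + struct.pack(">HHHII", 12, 1, 8, 0, 0)   # version + header
    + _princ(b"EXAMPLE.COM", b"alice")                    # default principal
    + _princ(b"EXAMPLE.COM", b"alice")                    # client
    + _princ(b"EXAMPLE.COM", b"krbtgt", b"EXAMPLE.COM")   # server
    + struct.pack(">H", 18) + _enc(bytes(range(32)))      # keyblock (aes256)
    + bytes(16) + b"\x00" + bytes(4)                      # times, is_skey, flags
    + bytes(4) + bytes(4)                                 # no addresses/authdata
    + _enc(b"ticket-placeholder") + _enc(b""))            # ticket, second ticket

if __name__ == "__main__":
    client, server, enctype, key = first_keyblock(SAMPLE)
    print(client, server, "enctype", enctype, "key bytes", len(key))
```

The key comes back exactly as stored, with no decryption step, which is why a ccache file should be readable only by its owner.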