Kerberos5 ticket to ascii converter?

Tomas Kuthan tomas.kuthan at
Tue Sep 30 15:13:09 EDT 2014

On 09/30/14 20:56, Wendy Lin wrote:
> On 30 September 2014 18:32, ronnie sahlberg <ronniesahlberg at> wrote:
>> On Tue, Sep 30, 2014 at 9:17 AM, Wendy Lin <wendlin1974 at> wrote:
>>> On 30 September 2014 17:55, ronnie sahlberg <ronniesahlberg at> wrote:
>>>> On Tue, Sep 30, 2014 at 8:25 AM, Wendy Lin <wendlin1974 at> wrote:
>>>>> On 30 September 2014 15:25, Rick van Rein <rick at> wrote:
>>>>>> Hi,
>>>>>>>>> Does Kerberos5 have a ticket to ascii converter so someone can see
>>>>>>>>> what a ticket looks like in plain text?
>>>>>>>> You might use any ASN.1 parser to see the structure, without it actually being spelled out in terms of the Kerberos field names.
>>>>>>> Is the file format of the ticket cache in ASN.1?
>>>>>> That would depend on its implementation.
>>>>> MIT kerberos 1.12, DIR: cache
>>>>>> You asked for tickets ;-) which are defined in ASN.1 in the RFCs.  I think the WireShark suggestion is better than mine, but it won’t do what you are asking.
>>>>> Why?
>>>> One reason is because most of the ticket are encrypted blobs. Without
>>>> decryption these blobs will just look like huge piles of random bytes,
>>>> so there is not really much interesting to see in the ticket.
>>>> If you want to look at the interesting parts of a ticket you really
>>>> want to decrypt these blobs.
>>> OK
>>> is there a C function in libkrb5 which takes a keytab and the data
>>> blob as parameter, and returns the decrypted data blob?
>> In wireshark I use krb5_c_decrypt(). It takes a key, not a keytab, so
>> you may need to iterate over all keys in the keytab.
>> See:
>> (We iterate over all the keys in wireshark and try them one by one
>> because it was easier than tracking SPN->key mappings.)
> What is a SPN?

Service Principal Name

>>> Wendy
> Wendy
> ________________________________________________
> Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list