Re: [Patch] Support for LDAP with GSSAPI/NTLMSSP auth scheme decoding in

Subject: Re: [Patch] Support for LDAP with GSSAPI/NTLMSSP auth scheme decoding in wireshark
From: Matthieu Patou
Date: Wed, 29 Apr 2009 13:15:57 +0400
On 04/28/2009 06:01 PM, Stefan (metze) Metzmacher wrote:
Stefan (metze) Metzmacher wrote:
Hi Matthieu,

I finally finished my patch to support NTLMSSP auth in LDAP.
As metze proposed, I added the option that reads all the keytabs that were
provided and tries all the encoded passwords inside them.

It seems to work quite well. I tried with a few keytabs generated for
pure "traditional" LDAP with Kerberos auth and I've been able to decode
(well, if the keytab contains the md4(password) of the user trying to
authenticate himself).
I'm quite surprised that when "extracting" encrypted passwords in a keytab
they are only stored by using md4(unicode(password)), even if we ask
keytab to use arc4_hmac (but I'm far from being well aware of everything in
Kerberos ...).

Concerning protocols, I tested NTLM v1 and NTLM v2. For NTLM v1 I tested
mostly with extended security flags, so for less secure (and maybe not
really used anymore?) schemes (like pure LAN Manager auth or simple NT
auth) problems might still exist.

It would be just great if you could provide me some feedback; in any case,
my goal is to submit it to the Wireshark devs soon.
Thanks! I'll give it a try in the next days.
Would it be possible that you base this patch on Wireshark's trunk?
You mean ?
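
Added example, not part of the original message or of the patch: the rc4-hmac (arcfour-hmac) string-to-key defined in RFC 4757 is MD4 over the UTF-16LE password with no salt, which is the same value NTLM uses as the NT hash, so an rc4-hmac keytab entry can be tried directly as the NTLMSSP secret. The names `candidate_nt_hashes` and `SAMPLE_ENTRIES` are hypothetical, and the keytab entries are constructed sample data.

```python
import struct

M = 0xFFFFFFFF
# (round function, additive constant, message-word order, per-step rotations), RFC 1320
ROUNDS = (
    (lambda b, c, d: (b & c) | (~b & d), 0, tuple(range(16)), (3, 7, 11, 19)),
    (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999,
     (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
    (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1,
     (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
)

def md4(data: bytes) -> bytes:
    """Pure-Python MD4, since hashlib may not expose md4 on current OpenSSL builds."""
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for f, const, order, shifts in ROUNDS:
            for i, k in enumerate(order):
                v = (a + f(b, c, d) + x[k] + const) & M
                s = shifts[i % 4]
                a, b, c, d = d, ((v << s) | (v >> (32 - s))) & M, b, c
        h = [(p + q) & M for p, q in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    """NT hash used by NTLM, and the RFC 4757 rc4-hmac string-to-key (no salt)."""
    return md4(password.encode("utf-16-le"))

ETYPE_RC4_HMAC = 23  # Kerberos enctype number for rc4-hmac (arcfour-hmac)

def candidate_nt_hashes(entries):
    """From (enctype, key) pairs, keep the keys usable as NT hashes for NTLMSSP."""
    return [key for etype, key in entries
            if etype == ETYPE_RC4_HMAC and len(key) == 16]

# Constructed keytab contents: one rc4-hmac key and one AES256 key (etype 18).
SAMPLE_ENTRIES = [
    (ETYPE_RC4_HMAC, nt_hash("password")),
    (18, bytes(32)),  # placeholder AES key; salted derivation, not an NT hash
]

if __name__ == "__main__":
    for key in candidate_nt_hashes(SAMPLE_ENTRIES):
        print(key.hex())
```

AES keytab entries are derived with a salt and an iterated KDF, so they cannot stand in for the NT hash; only the rc4-hmac entries are candidates.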


