Skip to content

Instantly share code, notes, and snippets.

@tscherf

tscherf/kinit_trace.md

Last active May 21, 2021 11:27
Show Gist options
  • Save tscherf/7623486d72a7dc8a52aea72aff07f29c to your computer and use it in GitHub Desktop.
Save tscherf/7623486d72a7dc8a52aea72aff07f29c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
kinit_trace.md 
[3799] 1621592188.385858: Getting initial credentials for [email protected]
[3799] 1621592188.385860: Sending unauthenticated request
[3799] 1621592188.385861: Sending request (193 bytes) to EXAMPLE.COM
[3799] 1621592188.385862: Initiating TCP connection to stream 1.2.3.4:88
[3799] 1621592188.385863: Sending
[3799] 1621592188.385865: Terminating TCP connection to stream 1.2.3.4:88
[3799] 1621592188.385866: Response was from master KDC
[3799] 1621592188.385867: Received error from KDC: -1765328359/Additional pre-authentication required
[3799] 1621592188.385870: Preauthenticating using KDC method data
[3799] 1621592188.385871: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-PK-AS-REQ_OLD (14), PA-FX-FAST (136), PA-ETYPE-INFO2 (19), PA-PKINIT-KX (147), PA-ENC-TIMESTAMP (2), PA-FX-COOKIE (133)
[3799] 1621592188.385872: Selected etype info: etype aes256-cts, salt "gG/'zL&P\"-{%UN8", params ""
[3799] 1621592188.385873: Received cookie: MIT
[3799] 1621592188.385874: Preauth module pkinit (147) (info) returned: 0/Success
[3799] 1621592188.385875: PKINIT loading CA certs and CRLs from FILE
[3799] 1621592188.385876: PKINIT loading CA certs and CRLs from FILE
[3799] 1621592188.385877: PKINIT client computed kdc-req-body checksum 9/92C3400F52A4BC1697B43BE81AA779CEB5C224AE
[3799] 1621592188.385879: PKINIT client making DH request
[3799] 1621592188.385880: Preauth module pkinit (16) (real) returned: 0/Success
[3799] 1621592188.385881: Produced preauth for next request: PA-FX-COOKIE (133), PA-PK-AS-REQ (16)
[3799] 1621592188.385882: Sending request (2967 bytes) to EXAMPLE.COM
[3799] 1621592188.385883: Initiating TCP connection to stream 1.2.3.4:88
[3799] 1621592188.385884: Sending TCP request to stream 1.2.3.4:88
[3799] 1621592188.385885: Received answer (3003 bytes) from stream 1.2.3.4:88
[3799] 1621592188.385886: Terminating TCP connection to stream 1.2.3.4:88
[3799] 1621592188.385887: Response was from master KDC
[3799] 1621592188.385888: Processing preauth types: PA-PK-AS-REP (17), PA-ETYPE-INFO2 (19)
[3799] 1621592188.385889: Selected etype info: etype aes256-cts, salt "gG/'zL&P\"-{%UN8", params ""
[3799] 1621592188.385890: PKINIT client verified DH reply
[3799] 1621592188.385891: PKINIT client found id-pkinit-san in KDC cert: krbtgt/[email protected]
[3799] 1621592188.385892: PKINIT client matched KDC principal krbtgt/[email protected] against id-pkinit-san; no EKU check required
[3799] 1621592188.385893: PKINIT client used KDF 2B06010502030602 to compute reply key aes256-cts/0AA5
[3799] 1621592188.385894: Preauth module pkinit (17) (real) returned: 0/Success
[3799] 1621592188.385895: Produced preauth for next request: (empty)
[3799] 1621592188.385896: AS key determined by preauth: aes256-cts/0AA5
[3799] 1621592188.385897: Decrypted AS reply; session key is: aes256-cts/9C2D
[3799] 1621592188.385898: FAST negotiation: available
[3799] 1621592188.385899: Initializing KEYRING:persistent:0:krb_ccache_MI4Bc1g with default princ [email protected]
[3799] 1621592188.385900: Storing [email protected] -> krbtgt/[email protected] in KEYRING:persistent:0:krb_ccache_MI4Bc1g
[3799] 1621592188.385901: Storing config in KEYRING:persistent:0:krb_ccache_MI4Bc1g for krbtgt/[email protected]: fast_avail: yes
[3799] 1621592188.385902: Storing [email protected] -> krb5_ccache_conf_data/fast_avail/krbtgt\/EXAMPLE.COM\@EXAMPLE.COM@X-CACHECONF: in KEYRING:persistent:0:krb_ccache_MI4Bc1g
[3799] 1621592188.385903: Storing config in KEYRING:persistent:0:krb_ccache_MI4Bc1g for krbtgt/[email protected]: pa_type: 16
[3799] 1621592188.385904: Storing [email protected] -> krb5_ccache_conf_data/pa_type/krbtgt\/EXAMPLE.COM\@EXAMPLE.COM@X-CACHECONF: in KEYRING:persistent:0:krb_ccache_MI4Bc1g
[3799] 1621592188.385905: Storing config in KEYRING:persistent:0:krb_ccache_MI4Bc1g for krbtgt/[email protected]: pa_config_data: {"X509_user_identity":"FILE:/root/pkinit/tscherf.pem,/root/pkinit/tscherf.key"}
[3799] 1621592188.385906: Storing [email protected] -> krb5_ccache_conf_data/pa_config_data/krbtgt\/EXAMPLE.COM\@EXAMPLE.COM@X-CACHECONF: in KEYRING:persistent:0:krb_ccache_MI4Bc1g
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment