get username from a kerberos service ticket? RRS feed

  • Question

  • I'm trying to write a non-intrusive network traffic monitor lib. The app will monitor activities for serveral windows services that communicate over various tcp ports. One thing I'd like to get is the remote client's username from the request sent to the server. The trouble is that for those services that use windows authentication, an encrypted kerberos service ticket is sent by the client. I can capture this ticket but don't know how to decrypt it. I suppose I could get the service's long term key from the domain controller's SAM, but the DC is off limits to this appserver. So is there a feasible way to get that domain username info? Is the long term key stored somewhere on the local machine too? Thanks! MH
    Friday, February 22, 2008 3:38 AM