Howto

Identify the type of Kerberos keys

Step 1

Get the keys stored in the user’s ldap object.

root@lenaedu:~# for key in $(univention-ldapsearch -LLL "uid=a.aufspalten" krb5Key| grep -E "^krb5"|sed s/\ /:/g); do echo $key| sed s/^krb5Key:::/krb5Key::\ /g| ldapsearch-wrapper|s4search-decode;done

Step 2

You will get an output similar to the following which displays the key types:

> krb5Key:: MEGhGzAZoAMCARehEgQQ48r/H3hfACAcmK7vyW41g6IiMCCgAwIBA6EZBBdTQ0hVTEVOLlVDU2EuYXVmc3BhbHRlbg==
> #	krb5_keytype: arcfour-hmac-md5 (23)
> #	keyblock:  48r/H3hfACAcmK7vyW41gw==
> #	as NThash: E3CAFF1F785F00201C98AEEFC96E3583
> #	saltstring:  SCHULEN.UCSa.aufspalten
> krb5Key:: MEGhGzAZoAMCARGhEgQQJr3I78Au9lZAJalq3LfapaIiMCCgAwIBA6EZBBdTQ0hVTEVOLlVDU2EuYXVmc3BhbHRlbg==
> #	krb5_keytype: aes128-cts-hmac-sha1-96 (17)
> #	keyblock:  Jr3I78Au9lZAJalq3LfapQ==
> #	saltstring:  SCHULEN.UCSa.aufspalten
> krb5Key:: MDmhEzARoAMCAQGhCgQIm4MIxPjTlKiiIjAgoAMCAQOhGQQXU0NIVUxFTi5VQ1NhLmF1ZnNwYWx0ZW4=
> #	krb5_keytype: des-cbc-crc (1)
> #	keyblock:  m4MIxPjTlKg=
> #	saltstring:  SCHULEN.UCSa.aufspalten
> krb5Key:: MDmhEzARoAMCAQKhCgQIm4MIxPjTlKiiIjAgoAMCAQOhGQQXU0NIVUxFTi5VQ1NhLmF1ZnNwYWx0ZW4=
> #	krb5_keytype: des-cbc-md4 (2)
> #	keyblock:  m4MIxPjTlKg=
> #	saltstring:  SCHULEN.UCSa.aufspalten
> krb5Key:: MEmhIzAhoAMCARChGgQYV4yA024HtTdhxBUs2kBndSwOLINdwSCGoiIwIKADAgEDoRkEF1NDSFVMRU4uVUNTYS5hdWZzcGFsdGVu
> #	krb5_keytype: des3-cbc-sha1 (16)
> #	keyblock:  V4yA024HtTdhxBUs2kBndSwOLINdwSCG
> #	saltstring:  SCHULEN.UCSa.aufspalten
> krb5Key:: MDmhEzARoAMCAQOhCgQIm4MIxPjTlKiiIjAgoAMCAQOhGQQXU0NIVUxFTi5VQ1NhLmF1ZnNwYWx0ZW4=
> #	krb5_keytype: des-cbc-md5 (3)
> #	keyblock:  m4MIxPjTlKg=
> #	saltstring:  SCHULEN.UCSa.aufspalten
> krb5Key:: MFGhKzApoAMCARKhIgQg704yEWiHfIOlJpwySgo8eMUxGvYMluQhXAkWGXZVORqiIjAgoAMCAQOhGQQXU0NIVUxFTi5VQ1NhLmF1ZnNwYWx0ZW4=
> #	krb5_keytype: aes256-cts-hmac-sha1-96 (18)
> #	keyblock:  704yEWiHfIOlJpwySgo8eMUxGvYMluQhXAkWGXZVORo=
> #	saltstring:  SCHULEN.UCSa.aufspalten