I am using hadoop with kerberos keytab file name userid.keytab for a long while. But now i m not aware the password. Is it anyway to get password from the keytab file.
Asked
Active
Viewed 9,268 times
2 Answers
11
No, you can't. The only thing you can get from a keytab file is the principal name:
$ ktutil
ktutil: read_kt test.wtk
ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 1 hadoop_app@BLALBLABLA.LOC
Keytab contains pairs of principal and encrypted keys (which are derived from the Kerberos password), no way to get back the password from these data.
ozw1z5rd
- 3,034
- 3
- 32
- 49
0
Keytab has a principal name at the very least, but can also hold the NTLM hash of the password, next to AES hashes of the same password.
Extract hashes with https://github.com/sosdave/KeyTabExtract
