How is a password encrypted into a keytab file?
I am using keytab files on Linux systems to authenticate services with kerberos. I am wondering how this password is actually stored into that keytab file. As we know in /etc/passwd the passwords are stored after applying a one-way hashing method - so it is not possible to calculate the plaintext password from it.
But how is that done in the keytab file? The Process using the keytab somehow must know the password to authenticate the user?! Is it encrypted with a master password so it can be decrypted?
I am using this to create a keytab file:
$ ktutil
ktutil: addent -password -p my_user@MYREALM -k 1 -e rc4-hmac
Password for my_user@MYREALM:
ktutil: wkt my_user.keytab
ktutil: quit
With that keytab I can get a krbtgt without entering a password. When creating the keytab there is no communication with the AD/KDC (so there is no shared secret that could be added for signing or something).
So how is the password encrypted into the keytab? If it is not a hashing algo - is it possible to decrypt it?
Answer
In general a password-based Kerberos key comes from applying an algorithm-specific key derivation function to the user-supplied password, and uses the user principal name as salt (so that two principals with the same password will not have the same key). The actual key derivation functions used are defined in RFC 3961 and RFC 3962 however the RC4 profile is defined elsewhere (by Microsoft).
The key derivation is a one-way function so there is no feasible way to "decrypt" the key.