Is there a Kerberos testing tool?
Solution 1:
I'll go ahead and submit my previous comments as an answer. I hope it's what the OP wanted.
As you already know, you can use klist.exe to purge your Kerberos tickets.
So fire up Wireshark and start a trace. Then purge your Kerberos tickets. Then in a command prompt, type net stop netlogon & net start netlogon
. (Or do something like try to access a network file share.) That will cause the computer to request new Kerberos tickets from the KDC/Domain Controller. Now stop your Wireshark trace. You have successfully captured a network trace containing the interaction between domain member and domain controller.
Solution 2:
Update: this answer is *nix specific and the question is about windows. Leaving it in for future reference, just in case.
You can use:
-
kdestroy
to wipe out your old tickets -
kinit
to request a TGT -
kvno
to request a ticket for a service, e.g.kvno host/$(hostname -f)
Oh, and klist
does not let you purge the cache. It shows what tickets you have obtained.