Is there a Kerberos testing tool?

windows-server-2008 kerberos

Solution 1:

I'll go ahead and submit my previous comments as an answer. I hope it's what the OP wanted.

As you already know, you can use klist.exe to purge your Kerberos tickets.

So fire up Wireshark and start a trace. Then purge your Kerberos tickets. Then in a command prompt, type net stop netlogon & net start netlogon. (Or do something like try to access a network file share.) That will cause the computer to request new Kerberos tickets from the KDC/Domain Controller. Now stop your Wireshark trace. You have successfully captured a network trace containing the interaction between domain member and domain controller.

Solution 2:

Update: this answer is *nix specific and the question is about windows. Leaving it in for future reference, just in case.

You can use:

  • kdestroy to wipe out your old tickets
  • kinit to request a TGT
  • kvno to request a ticket for a service, e.g. kvno host/$(hostname -f)

Oh, and klist does not let you purge the cache. It shows what tickets you have obtained.

Related

Cannot start ` Secure Socket Tuning Protocol Service`
Re-install (repair) Server 2012 Roles & Features
How should secret files be pushed to an EC2 (on AWS) Ruby on Rails application?
mdadm: Disk configuration by UUID
Websphere JSESSIONID cookie overwrite between two apps on the same domain (different ports / context roots)
Is "inet addr" my or "bcast" my machine's actual IP? [closed]
rsync copies unmodified files between different file systems
Way to ungroup printers when multiple printers share the same IP/port?
Creating new MySQL user... password and privileges not sticking
Multiple HTTPS servers for single website, and single IP?
sendmail config, making open relay
Mount EncFS at boot