The Kerberos.NET library is incredibly flexible in what it allows you to do with Kerberos-related things...in code. However, sometimes you don't want to write a bunch of boilerplate code and just want to test out a few scenarios or set up an environment that's compatible with MIT Kerberos, Heimdal, or Windows.
In an attempt to make things easier I recently built and published a new command line tool called Bruce*. It follows the MIT and Heimdal model for tooling. There are a bunch of commands, separated by purpose:
- kinit -- Obtain and cache a Kerberos Ticket-Granting-Ticket.
- klist -- Displays the current list of tickets in the cache.
- kconfig -- Set or review configuration settings at the default path.
- kdestroy -- Delete the ticket cache.
- kdecode -- Decode tickets into readable structures and optionally decrypt with a provided key.
- kping -- Initiate an AS-REQ "ping" request to a KDC of the current or provided user and list all the details.
- ktpass -- View and manipulate keytab files with added support for troubleshooting.
The Bruce tool is a simple shell-like environment that lets you call the commands within itself or from its own command line.
 ____
| __ ) _ __ _   _  ___ ___
|  _ \| '__| | | |/ __/ _ \
| |_) | |  | |_| | (_|  __/
|____/|_|   \__,_|\___\___|

Command Line tooling for the Kerberos.NET library. (v4.5.14+0131d7e8b6)
(C) Copyright 2020 .NET Foundation

bruce>kinit
Password for steve@SYFUHS.NET: ******************************

Ticket Count: 1

#0> Client: steve @ SYFUHS.NET
    Server: krbtgt/SYFUHS.NET @ SYFUHS.NET
    Ticket EType: AES256_CTS_HMAC_SHA1_96
    Flags: EncryptedPreAuthentication, PreAuthenticated, Initial, Renewable, Forwardable
    Start Time: 12/31/1969 4:00:00 PM -08:00
    End Time: 9/11/2020 9:37:15 PM -07:00
    Renew Until: 9/12/2020 11:37:15 AM -07:00

bruce>_
For added flexibility you can also copy bruce.exe and rename the copy to any of the above commands, and it will act as if it were that command's own self-contained executable.
C:\dev\>copy bruce.exe kinit.exe
C:\dev\>kinit.exe
Password for steve@SYFUHS.NET: ******************************

Ticket Count: 1

#0> Client: steve @ SYFUHS.NET
    Server: krbtgt/SYFUHS.NET @ SYFUHS.NET
    Ticket EType: AES256_CTS_HMAC_SHA1_96
    Flags: EncryptedPreAuthentication, PreAuthenticated, Initial, Renewable, Forwardable
    Start Time: 12/31/1969 4:00:00 PM -08:00
    End Time: 9/11/2020 9:43:55 PM -07:00
    Renew Until: 9/12/2020 11:43:55 AM -07:00

C:\dev\>_
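The ticket listing printed in the sessions above is regular enough to check by script when you are reviewing a cache. The following is an added example, not part of Bruce or Kerberos.NET: it parses that listing and reports a non-AES ticket encryption type, a start time equal to the Unix epoch (as in both sessions above), and a Renewable flag with no renew-until time. The function names and the one-field-per-line layout are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the fields of the first kinit session, one per line (assumed layout).
SAMPLE = """\
Ticket Count: 1
#0> Client: steve @ SYFUHS.NET
    Server: krbtgt/SYFUHS.NET @ SYFUHS.NET
    Ticket EType: AES256_CTS_HMAC_SHA1_96
    Flags: EncryptedPreAuthentication, PreAuthenticated, Initial, Renewable, Forwardable
    Start Time: 12/31/1969 4:00:00 PM -08:00
    End Time: 9/11/2020 9:37:15 PM -07:00
    Renew Until: 9/12/2020 11:37:15 AM -07:00
"""

TIME_FIELDS = {"Start Time", "End Time", "Renew Until"}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def parse_tickets(listing):
    """Turn a ticket listing into one dict per '#N>' entry (hypothetical helper)."""
    tickets = []
    for line in listing.splitlines():
        m = re.match(r"\s*#(\d+)>\s*", line)
        if m:  # '#N>' opens a new ticket; the rest of the line is its first field
            tickets.append({"Index": int(m.group(1))})
            line = line[m.end():]
        key, sep, value = line.partition(": ")
        if not sep or not tickets:
            continue  # banner, prompt, password line or the "Ticket Count" header
        key, value = key.strip(), value.strip()
        if key in TIME_FIELDS:  # offset-aware, so values compare as instants
            value = datetime.strptime(value, "%m/%d/%Y %I:%M:%S %p %z")
        elif key == "Flags":
            value = [flag.strip() for flag in value.split(",")]
        tickets[-1][key] = value
    return tickets

def review(ticket):
    """Return the findings for one parsed ticket (hypothetical checks)."""
    findings = []
    if not ticket.get("Ticket EType", "").startswith("AES"):
        findings.append("non-AES ticket encryption type")
    if ticket.get("Start Time") == EPOCH:
        findings.append("start time is the Unix epoch (zero timestamp)")
    if "Renewable" in ticket.get("Flags", []) and "Renew Until" not in ticket:
        findings.append("renewable flag without a renew-until time")
    return findings
```

Run over the sample, `review` returns only the epoch start time finding, because 12/31/1969 4:00:00 PM -08:00 is the same instant as 1970-01-01 00:00:00 UTC.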
Why didn't you just create a bunch of different command line tools then?
Because I just didn't want to.
The commands are extensible. You can create your own if you want. It just requires some attribute decorations:
[CommandLineCommand("klist", Description = "KerberosList")]
public class KerberosListCommand : BaseCommand
Getting the Tool
The tool is shipped as a dotnet tool right now. It's called 'bruce'. Go figure.
> dotnet tool install -g bruce
A standalone installer is forthcoming.
*Why the name Bruce?
Bruce is our guard dog.