tokensz

Overview

Reports the size and properties of kerberos tokens.

Usage Guide

The tool runs in two modes:

  • compute_tokensize - Computes the maximum token size that can successfully authenticate using kerberos.
  • calc_groups - Can only be used with WIndows 2003 key distribution centre (KDC), lists group memberships for a specified user

tokensz can take the following parameters to manage reporting:

compute_tokensize

  • /package: - The authentication package to use, defaults to kerberos, to use negotiate use /package:negotiate.
  • /target_server: - The service principal name and the target authentication server, eg host/dc1.mydomain.com
  • /user: - The user account we are getting information about.
  • /domain: - The domain for the user account we are getting information about.
  • /password: - The password for the user account we are getting information about.
  • /serveruser: - The server account we are getting information about.
  • /serverdomain: - The domain for the server account we are getting information about.
  • /serverpassword: - The password for the server account we are getting information about.
  • /dump_groups - Displays token groups and privileges.
  • /system - Run the query as the local system account. Must be a local administrator to use this parameter.
  • /nopac - Causes the KDC to omit the Privilege Attribute Certificate (PAC) from the ticket granting ticket (TGT). This will give us the token size without the PAC, which is a substantial component of the token.
  • /use_delegation - Use this paramater on a target server that has been trusted for delegation. The token size is doubled when delegation is used an this can cause problem with group policy.
  • /purge_tickets -

calc_groups

  • username - This is the account we are getting information about.
  • /user: - The domain user running the query, must be authorised to query group memberships.
  • /domain: - The domain of the user running the query.
  • /password: - The password for the domain user running the query.
  • /system - Run the query as the local system account. Must be a local administrator to use this parameter.

Tool Data

Operating Platform:Windows
Diagnostic Target:Directory Services - Authentication and Authorisation
Tool Executable:tokensz.exe
Obtain From:Microsoft Download Centre
Web Links:

Results for Tools search

You entered the search string "".
No results were returned for this string.

Copyright © 1997 - 2016 Mission Pacific Pty Ltd. All rights reserved. ezcom, the ez logo and hard tech cafe are registered trademarks of Mission Pacific Pty Ltd. Designed for firefox and safari. Sitemap