Microsoft

Thank you for downloading

  • Tokensz

    Choose the files that didn't download.

    File name Download link Size
    tokensz_package.exe (recommended) Click here 91 KB

    Download Summary:

    Total Size:

    If your download does not start after 30 seconds,  Click here

    Install Instructions

    Examples of Kerberos Token Size in Use
    Example 1: Incomplete context
    To determine the maximum Kerberos token size using incomplete context:

    • Type the following at the command line:

    tokensz /compute_tokensize /package:negotiate /use_delegation /target_server:host/server1

    • When you press ENTER, the following output is displayed:

    Name: Negotiate Comment: Microsoft Package Negotiator

    Current PackageInfo->MaxToken: 12128

    MaxTokenSize (incomplete context): 2181


    In this example:

    MaxTokenSize (incomplete context) indicates that the protocol could not perform all legs of authentication. In this case, (incomplete context) was returned because the server was specified as server 1, but the test was run under the user account. However, this is still a reasonable estimation of the maximum token size required for this user to authenticate to server 1.

    Example 2: Administrator account to server host with delegation requested
    To determine the maximum Kerberos token size for administrator to the host server 1:

    • Type the following at the command line:

    tokensz /compute_tokensize /package:negotiate /target_server:host/server1 /
    user:administrator /password:ClientPassword /domain:UserDomain /use_delegation

    • When you press ENTER, the following output is displayed:

    Name: Negotiate Comment: Microsoft Package Negotiator

    Current PackageInfo->MaxToken: 12128

    Asked for delegate, but didn't get it

    Check if server is trusted for delegation.

    QueryKeyInfo:

    Signature algorithm =

    Encrypt algorithm = RSADSI RC4-HMAC

    KeySize = 128

    Flags = 2081e

    Signature Algorithm = -138

    Encrypt Algorithm = 23

    Start:4/2/2003 5:54:19

    Expiry:4/2/2003 6:54:19

    Current Time: 4/2/2003 5:54:19

    MaxToken (complete context) 1375


    In this example:

    • Asked for delegate, but didn’t get it indicates that delegation was not used. This happens if the target server is not trusted for delegation, or if the user account has the Account is sensitive and cannot be delegated option selected.

    • MaxToken (complete context) indicates that all authentication legs have been completed, and that this is a reliable value for maximum token size for server 1.


    Example 3: Using /calc_groups
    To calculate group membership for user 1:

    • Type the following at the command line:

    tokensz /calc_groups user1


    When you press ENTER, the tool returns a list of Kerberos token contents. In this example, the following output is displayed:

    Username = user1

    TS Session ID: 0

    User

    S-1-5-21-148402017-3776891892-3157626230-1945

    Groups:

    00 S-1-5-21-148402017-3776891892-3157626230-513 Attributes - Mandatory Default Enabled

    01 S-1-1-0 Attributes - Mandatory Default Enabled

    02 S-1-5-32-545 Attributes - Mandatory Default Enabled

    03 S-1-5-32-554 Attributes - Mandatory Default Enabled

    04 S-1-5-2 Attributes - Mandatory Default Enabled

    05 S-1-5-11 Attributes - Mandatory Default Enabled

    06 S-1-5-15 Attributes - Mandatory Default Enabled

    07 S-1-5-5-0-17077419 Attributes - Mandatory Default Enabled LogonId

    Primary Group:

    S-1-5-21-148402017-3776891892-3157626230-513

    Privs

    00 0x000000017 SeChangeNotifyPrivilege Attributes - Enabled Default

    01 0x000000006 SeUnsolicitedInputPrivilege Attributes - Enabled Default

    Auth ID 0:10494b4

    Impersonation Level: Identification

    TokenType Impersonation

Popular downloads

Free PC updates

  • Security patches
  • Software updates
  • Service packs
  • Hardware drivers
Run Microsoft Update
close
moreinfo