Has anybody tried to use the PAC field with MIT Kerberos ? I tried after a kinit against a w2k kdc to look at the details in the credential cache, but all pointers to authorisation data (cred->authdata and decode(cred->ticket)->enc_part2->authorization_data) are 0. Thank you Markus