Microsoft PAC field
Sam Hartman
hartmans at MIT.EDU
Thu Jul 15 15:01:07 EDT 2004
>>>>> "Markus" == Markus Moeller <huaraz at moeller.plus.com> writes:
Markus> Has anybody tried to use the PAC field with MIT Kerberos ?
Markus> I tried after a kinit against a w2k kdc to look at the
Markus> details in the credential cache, but all pointers to
Markus> authorisation data (cred->authdata and
Markus> decode(cred->ticket)->enc_part2->authorization_data) are
Markus> 0.
Authorization data is only available to the service. Authenticate
against the local host as a service and then get access to the
authorization data. Doing anything else would be vulnerable to a
spoofed KDC anyway.
More information about the Kerberos
mailing list