Microsoft PAC field

Sam Hartman hartmans at MIT.EDU
Thu Jul 15 15:01:07 EDT 2004


>>>>> "Markus" == Markus Moeller <huaraz at moeller.plus.com> writes:

    Markus> Has anybody tried to use the PAC field with MIT Kerberos?
    Markus> I tried after a kinit against a w2k kdc to look at the
    Markus> details in the credential cache, but all pointers to
    Markus> authorisation data (cred->authdata and
    Markus> decode(cred->ticket)->enc_part2->authorization_data) are
    Markus> 0.

Authorization data is only available to the service.  Authenticate
against the local host as a service and then get access to the
authorization data.  Doing anything else would be vulnerable to a
spoofed KDC anyway.
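
What a service can do with the authorization data once it has it, as an added example that is not part of the original post or of MIT Kerberos: a bounds-checked walk of the PAC buffer directory. It assumes the input bytes are the contents of the AD-WIN2K-PAC (ad-type 128) element taken from the decrypted ticket; the header layout and buffer type numbers come from Microsoft's MS-PAC specification, and `pac_find`, `struct pac_buf` and `SAMPLE_PAC` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Buffer types and header layout per Microsoft's MS-PAC spec (not from the post). */
enum { PAC_LOGON_INFO = 1, PAC_SERVER_CHECKSUM = 6, PAC_KDC_CHECKSUM = 7 };

struct pac_buf { uint32_t type, size; uint64_t offset; };

/* Constructed sample: two buffers with zero-filled payloads and placeholder sizes. */
static const uint8_t SAMPLE_PAC[56] = {
    2,0,0,0,  0,0,0,0,                      /* cBuffers = 2, Version = 0 */
    1,0,0,0,  4,0,0,0,  40,0,0,0,0,0,0,0,   /* logon info: 4 bytes at offset 40 */
    6,0,0,0,  8,0,0,0,  48,0,0,0,0,0,0,0,   /* server checksum: 8 bytes at offset 48 */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint64_t le64(const uint8_t *p)
{
    return (uint64_t)le32(p) | (uint64_t)le32(p + 4) << 32;
}

/* Validate every directory entry, then report whether buffer type `want` exists.
 * Returns 1 if found (first match copied to *found when non-NULL), 0 if absent,
 * -1 if the PAC is malformed or truncated. */
int pac_find(const uint8_t *pac, size_t len, uint32_t want, struct pac_buf *found)
{
    if (len < 8 || le32(pac + 4) != 0) return -1;   /* header is 8 bytes, Version must be 0 */
    uint32_t count = le32(pac);
    if (count > (len - 8) / 16) return -1;          /* 16 bytes per directory entry */
    size_t hdr_end = 8 + (size_t)count * 16;
    int hit = 0;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = pac + 8 + (size_t)i * 16;
        struct pac_buf b = { le32(e), le32(e + 4), le64(e + 8) };
        /* payload must start after the directory, be 8-byte aligned, and fit in the blob */
        if (b.offset < hdr_end || b.offset % 8 || b.offset > len || b.size > len - b.offset)
            return -1;
        if (b.type == want && !hit) { hit = 1; if (found) *found = b; }
    }
    return hit;
}

int main(void)
{
    struct pac_buf b;
    if (pac_find(SAMPLE_PAC, sizeof SAMPLE_PAC, PAC_SERVER_CHECKSUM, &b) == 1)
        printf("server checksum: %u bytes at offset %llu\n", (unsigned)b.size, (unsigned long long)b.offset);
    return 0;
}
```

Locating the server checksum buffer is only the first step: the PAC contents are trustworthy to the service only after that checksum has been verified with the service's own key.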


