Windows Kerberos PAC patent

Jeffrey Altman jaltman2 at
Fri Feb 11 00:02:59 EST 2005

Fredrik Tolf wrote:
> I have to admit that I don't know a lot about Windows and Kerberos.
> However, as I've understood it, the only thing that really prevents you
> from using a MIT KDC for Windows clients is the authorization data they
> ship in the ticket, right? And this is called "PAC", right?
> I've let myself understand that Microsoft has somehow patented this PAC
> field. Now, I'm wondering if anyone in this newsgroup would happen to
> know what patent this is and if there's any way I can have a look at it
> (mostly for curiosity reasons)?
> Thanks!
> Fredrik Tolf

Microsoft cannot patent the authorization data field of a Kerberos 
ticket because that is published in public form by the IETF and was
invented outside of Microsoft.

Microsoft may very well have a patent on what they store inside the 
field.  However, they have made the contents publicly available provided
you are willing to accept their license agreement.

See archives of this group from summer 2000 for details.

Jeffrey Altman

More information about the Kerberos mailing list