Impact of "MS AD Kerberos token size" change
Douglas E. Engert
deengert at anl.gov
Fri May 14 14:51:41 EDT 2010
saggar wrote:
> On Apr 29, 4:43 pm, JC Ferguson <j... at f5.com> wrote:
>> I have found the change not necessary in the MIT library. I've seen tokens as large as 24k from MS AD domain controllers.
>>
>> -jc
>>
>> ----- Original Message -----
>> From: krbdev-boun... at mit.edu <krbdev-boun... at mit.edu>
>> To: kerbe... at mit.edu <kerbe... at mit.edu>; krb... at mit.edu <krb... at mit.edu>
>> Sent: Thu Apr 29 07:30:52 2010
>> Subject: Impact of "MS AD Kerberos token size" change
>>
>> Is MIT kerberos implementation dependent on Microsoft AD Kerberos Token Size
>> ? If a user changes the default size from 12K to 64K . does it needs a
>> change in kerberos also ?
>>
>> --
>> Regards
>> Sunil Saggar
>> _______________________________________________
>> krbdev mailing list krb... at mit.eduhttps://mailman.mit.edu/mailman/listinfo/krbdev
>
> I would like to understand how this token is used and how MIT library
> is not dependent on it. Will appreciate code_pointers/documentation.
>
Google for: Microsoft kerberos PAC
The PAC has UUIDs and GUIDs for the user, and is used in a domain for
authorization. A normal kerberos ticket might be less the 500 bytes.
The other 23.5k of the ticket is the PAC.
> -S
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list