Reading MS PAC data

Markus Moeller huaraz at moeller.plus.com
Sun Aug 18 16:20:17 EDT 2013


"Greg Hudson" <ghudson at MIT.EDU> wrote in message 
news:521124D8.5040500 at mit.edu...
> On 08/18/2013 03:07 PM, Markus Moeller wrote:
>> says ctx->authdata[i]->ad_type  is 1 and not 128.   Is there a bug in MIT 
>> ?
>
> It looks like Heimdal's
> gsskrb5_extract_authz_data_from_sec_context will look inside
> AD-IF-RELEVANT containers but MIT's will not.  We can correct this
> divergence for future releases (I'm actually not sure how it came
> about), but that probably doesn't solve your problem.
>
> In the mean time, I think using gss_get_name_attribute with urn:mspac:
> is your best bet, when linking against MIT krb5 libraries.  Samba's
> auth/kerberos/gssapi_pac.c has example usage.
>

I was sucessful with gss_map_name_to_any and MIT libraries, but was looking 
for a function both support, but it seems I need to use different functions 
for now

> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

Thank you
Markus




More information about the Kerberos mailing list