Reading MS PAC data
Markus Moeller
huaraz at moeller.plus.com
Sun Aug 18 16:20:17 EDT 2013
"Greg Hudson" <ghudson at MIT.EDU> wrote in message
news:521124D8.5040500 at mit.edu...
> On 08/18/2013 03:07 PM, Markus Moeller wrote:
>> says ctx->authdata[i]->ad_type is 1 and not 128. Is there a bug in MIT
>> ?
>
> It looks like Heimdal's
> gsskrb5_extract_authz_data_from_sec_context will look inside
> AD-IF-RELEVANT containers but MIT's will not. We can correct this
> divergence for future releases (I'm actually not sure how it came
> about), but that probably doesn't solve your problem.
>
> In the mean time, I think using gss_get_name_attribute with urn:mspac:
> is your best bet, when linking against MIT krb5 libraries. Samba's
> auth/kerberos/gssapi_pac.c has example usage.
>
I was sucessful with gss_map_name_to_any and MIT libraries, but was looking
for a function both support, but it seems I need to use different functions
for now
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
Thank you
Markus
More information about the Kerberos
mailing list