Kerberos PAC decoding support
Greg Hudson
ghudson at mit.edu
Thu Aug 24 13:15:32 EDT 2023
On 8/24/23 02:18, Ondrej Valousek wrote:
> I am wondering if it is reasonable to request the MIT library to support PAC decoding (possibly in form of Named Attributes) so that the information there could be used in calling application, I.e.:
PAC buffers are available via these name attributes:
urn:mspac: (for the whole PAC)
urn:mspac:logon-info
urn:mspac:credentials-info
urn:mspac:server-checksum
urn:mspac:privsvr-checksum
urn:mspac:client-info
urn:mspac:delegation-info
urn:mspac:upn-dns-info
libkrb5 doesn't do any NDR decoding, so that part has to be done by the
application.
More information about the Kerberos
mailing list