Kerberos PAC info on MSDN Library
lukeh at padl.com
Mon Feb 25 07:19:00 EST 2002
The FreeDCE CVS repository (on dcerpc.net) already contained a
guess (based on SAMBA code) of the PAC. I have updated this to
include the released PAC: see freedce/include/dce/id_base.idl
and freedce/ncklib/com/sec_id.c. You should be able to use
sec_id_pac_pickle() to NDR encode DCE or Win2K PACs.
We have some patches for Heimdal which enable the backend
to return an unsigned, NDR-encoded PAC to the KDC, and for
the KDC to wrap the PAC with the signatures. We were stalled
on completing this code due to the lack of a published PAC
specification, but we be able to finish it off now.
It should be noted that providing the authorization data
component of the PAC is but a small part of providing
a Win2K-compatible domain controller service.
P.S. lkcl: The reference I sent you actually came from the
krbdev at mit.edu list, so you don't need to point it out!
Luke Howard | lukehoward.com
PADL Software | www.padl.com
More information about the krbdev