Kerberos PAC info on MSDN Library

Luke Howard lukeh at
Mon Feb 25 07:19:00 EST 2002

The FreeDCE CVS repository (on already contained a 
guess (based on SAMBA code) of the PAC. I have updated this to
include the released PAC: see freedce/include/dce/id_base.idl
and freedce/ncklib/com/sec_id.c. You should be able to use
sec_id_pac_pickle() to NDR encode DCE or Win2K PACs.

We have some patches for Heimdal which enable the backend
to return an unsigned, NDR-encoded PAC to the KDC, and for
the KDC to wrap the PAC with the signatures. We were stalled
on completing this code due to the lack of a published PAC
specification, but we be able to finish it off now.

It should be noted that providing the authorization data
component of the PAC is but a small part of providing
a Win2K-compatible domain controller service.


-- Luke

P.S. lkcl: The reference I sent you actually came from the
krbdev at list, so you don't need to point it out!

Luke Howard |
PADL Software |

More information about the krbdev mailing list