Kerberos PAC info on MSDN Library

[Luke Howard]

The FreeDCE CVS repository (on dcerpc.net) already contained a 
guess (based on SAMBA code) of the PAC. I have updated this to
include the released PAC: see freedce/include/dce/id_base.idl
and freedce/ncklib/com/sec_id.c. You should be able to use
sec_id_pac_pickle() to NDR encode DCE or Win2K PACs.

We have some patches for Heimdal which enable the backend
to return an unsigned, NDR-encoded PAC to the KDC, and for
the KDC to wrap the PAC with the signatures. We were stalled
on completing this code due to the lack of a published PAC
specification, but we be able to finish it off now.

It should be noted that providing the authorization data
component of the PAC is but a small part of providing
a Win2K-compatible domain controller service.

regards,

-- Luke

P.S. lkcl: The reference I sent you actually came from the
krbdev at mit.edu list, so you don't need to point it out!

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com