[xad] Re: Kerberos PAC info on MSDN Library

Luke Kenneth Casson Leighton lkcl at samba-tng.org
Mon Feb 25 07:49:00 EST 2002

On Mon, Feb 25, 2002 at 11:17:08PM +1100, Luke Howard wrote:
> The FreeDCE CVS repository (on dcerpc.net) already contained a 
> guess (based on SAMBA code) of the PAC. I have updated this to
> include the released PAC: see freedce/include/dce/id_base.idl
> and freedce/ncklib/com/sec_id.c. You should be able to use
> sec_id_pac_pickle() to NDR encode DCE or Win2K PACs.
 using this method requires that you strip out or create
 a "header" - including a unique identifier (uuid) as
 defined in the idl file that you must create to do the

 example test code is in a dce rfc, which you can
 cross-reference from dcerpc.net/url.

> We have some patches for Heimdal which enable the backend
> to return an unsigned, NDR-encoded PAC to the KDC, and for
> the KDC to wrap the PAC with the signatures. We were stalled
> on completing this code due to the lack of a published PAC
> specification, but we be able to finish it off now.

> P.S. lkcl: The reference I sent you actually came from the
> krbdev at mit.edu list, so you don't need to point it out!

*slightly confused* - i was including the reference such
that people can see that in the message i sent and then
refer to the rest of the message and see what i am
talking about.  sending the message without the reference
they wouldn't know why i was sending to that list.  hope
this helps explain why i sent the reference.

More information about the krbdev mailing list