[xad] Re: Kerberos PAC info on MSDN Library
Luke Kenneth Casson Leighton
lkcl at samba-tng.org
Mon Feb 25 07:49:00 EST 2002
On Mon, Feb 25, 2002 at 11:17:08PM +1100, Luke Howard wrote:
> The FreeDCE CVS repository (on dcerpc.net) already contained a
> guess (based on SAMBA code) of the PAC. I have updated this to
> include the released PAC: see freedce/include/dce/id_base.idl
> and freedce/ncklib/com/sec_id.c. You should be able to use
> sec_id_pac_pickle() to NDR encode DCE or Win2K PACs.
using this method requires that you strip out or create
a "header" - including a unique identifier (uuid) as
defined in the idl file that you must create to do the
example test code is in a dce rfc, which you can
cross-reference from dcerpc.net/url.
> We have some patches for Heimdal which enable the backend
> to return an unsigned, NDR-encoded PAC to the KDC, and for
> the KDC to wrap the PAC with the signatures. We were stalled
> on completing this code due to the lack of a published PAC
> specification, but we be able to finish it off now.
> P.S. lkcl: The reference I sent you actually came from the
> krbdev at mit.edu list, so you don't need to point it out!
*slightly confused* - i was including the reference such
that people can see that in the message i sent and then
refer to the rest of the message and see what i am
talking about. sending the message without the reference
they wouldn't know why i was sending to that list. hope
this helps explain why i sent the reference.
More information about the krbdev