[xad] Re: Kerberos PAC info on MSDN Library

Luke Howard lukeh at PADL.COM
Tue Feb 26 03:34:01 EST 2002


> using this method requires that you strip out or create
> a "header" - including a unique identifier (uuid) as
> defined in the idl file that you must create to do the
> pickling/unpickling.
>
> example test code is in a dce rfc, which you can
> cross-reference from dcerpc.net/url.

Looking at idl_es_put_encoding_header() in idllib/pickling.c,
it appears that this header is 56 bytes; the KDC (HDB) backend
can pickle the PAC, move past the header, and return it to
the KDC. The KDC itself can avoid pulling in idllib as the
signatures and other framing information do not contain complex
data types. 

BTW, it was necessary to add support for the BOOLEAN ASN.1 data type
to Heimdal's ASN.1 parser to support the KERB_PA_PAC_REQUEST. (Assar:
any progress on your SPNEGO implementation for Heimdal?)

-- Luke

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com
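
An added illustration, not code from this message or from Heimdal: the point above that the PAC's signatures and framing can be read without idllib, shown as a bounds-checked walk of the buffer directory in plain C. The field layout is taken from Microsoft's published PAC format and is an assumption beyond this message; the function names and the sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout (Microsoft's published PAC format, not given in this message), little-endian:
 * PACTYPE = cBuffers(u32) Version(u32), then cBuffers PAC_INFO_BUFFER entries of
 * ulType(u32) cbBufferSize(u32) Offset(u64). Signature buffer = SignatureType(u32) + bytes. */
enum { PAC_SERVER_CHECKSUM = 6, PAC_KDC_CHECKSUM = 7 };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t le64(const uint8_t *p) {
    return (uint64_t)le32(p) | (uint64_t)le32(p + 4) << 32;
}

/* Hypothetical helper: find buffer `type`; 0 on success, -1 if absent or malformed.
 * The PAC comes out of a ticket, so every count, offset and size is bounds-checked. */
int pac_find_buffer(const uint8_t *pac, size_t len, uint32_t type,
                    const uint8_t **out, uint32_t *out_len) {
    if (len < 8 || le32(pac + 4) != 0) return -1;      /* short, or Version != 0 */
    uint32_t n = le32(pac);
    if (n > (len - 8) / 16) return -1;                 /* directory must fit in the blob */
    size_t dir_end = 8 + (size_t)n * 16;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = pac + 8 + (size_t)i * 16;
        uint32_t size = le32(e + 4);
        uint64_t off = le64(e + 8);
        if (off < dir_end || off > len || size > len - off) return -1;
        if (le32(e) == type) { *out = pac + off; *out_len = size; return 0; }
    }
    return -1;
}

/* Hypothetical helper: SignatureType of a checksum buffer, or -1 on error. */
int64_t pac_signature_type(const uint8_t *pac, size_t len, uint32_t type) {
    const uint8_t *buf; uint32_t buf_len;
    if (pac_find_buffer(pac, len, type, &buf, &buf_len) != 0 || buf_len < 4) return -1;
    return (int64_t)le32(buf);
}

/* Constructed sample: two 20-byte checksum buffers at offsets 40 and 64, signature bytes zeroed. */
static const uint8_t sample_pac[88] = {
    [0] = 2, [8] = 6, [12] = 20, [16] = 40, [24] = 7, [28] = 20, [32] = 64,
    [40] = 0x76, 0xff, 0xff, 0xff, [64] = 0x76, 0xff, 0xff, 0xff };

int main(void) {
    return pac_signature_type(sample_pac, sizeof sample_pac, PAC_KDC_CHECKSUM) == 0xFFFFFF76 ? 0 : 1;
}
```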


