Kerberos PAC info on MSDN Library

Luke Howard lukeh at PADL.COM
Tue Feb 26 18:18:00 EST 2002

>lkcl> the samba tng project also actually contains
>lkcl> more info (i.e. all of those "reserved" fields
>lkcl> that's bullshit, they're well-known fields!)
>lkcl> in some areas than is outlined in this microsoft
>lkcl> document.
>Are these well-known fields that are claimed to be "reserved" in the
>MS document actually required for proper functioning of a MS service?

I'm not sure whether the LSA retrieves these from the PAC or ignores
them and retrieves them directly from Active Directory. Probably the

Luke Leighton's book on DCE/RPC and SMB contains a Network Monitor
excerpt that reveals the NETLOGON_VALIDATION_SAM_INFO2 structure;
this is layed out similarly to KERB_VALIADTION_INFO without the
last three fields (no resource groups). The "reserved" fields are
labelled. (I assume we can treat this as public information as
it has been published in a book. :-))

-- Luke

Luke Howard |
PADL Software |

More information about the krbdev mailing list