Obtaining Kerberos Tickets without the Microsoft PAC

Sam Hartman hartmans at MIT.EDU
Thu Aug 21 16:07:34 EDT 2003


Doug, I presume that if you want Microsoft to do anything with your
change you're going to submit it to them somehow.

Also, I tend to believe that even if they add a service principal
option, they should respect the pa-data type in tgs requests.

I assume that you were not submitting this patch for inclusion in MIT
Kerberos but were just giving a copy to the developer community.  As
you know, you would want to open a bug report with the patch if you
want us to consider it for inclusion.

If you do submit the patch for inclusion, you'd probably want to at
least make the API for setting the option take a boolean to turn it on
or off.  Of course you cannot implement it as a boolean because you
cannot expand the init_creds structure exposed in the ABI.  In
addition, you would probably need to include a config file option for
setting the default value.



More information about the krbdev mailing list