Kerberos Feature Request
Sam Hartman
hartmans at MIT.EDU
Tue Feb 10 15:23:17 EST 2004
>>>>> "Henry" == Henry B Hotz <hotz at jpl.nasa.gov> writes:
Henry> I'm not sure if we're on the same wavelength or not. Let
Henry> me try again: I think there should be a standard way to
Henry> fill in PAC data from outside the KDC. Yes the obvious
Henry> application is replacing a windows domain controller, but
Henry> that's not the point because that's not what I'm asking
Henry> for. How can anyone make use of the PAC data option to the
Henry> standard if there's no way to get useful data into the
Henry> field?
PAC is a windows concept. The authorization data field is in the
standard and includes the PAC.
Henry> Are you saying that there is a plugin interface that does
Henry> this, or just that that's your preferred solution?
Henry> Is/would that plugin interface be supported by any non-MIT
Henry> KDCs?
That's my preferred solution. I would not mind non-MIT KDC vendors
being involved in the design process for such an interface, although
I'm concerned some of the internal datatypes you'd need would be MIT
sp.specific.
More information about the krbdev
mailing list