PAC Validation
Andrew Bartlett
abartlet at samba.org
Tue Jun 28 05:41:02 EDT 2005
On Tue, 2005-06-28 at 19:20 +1000, Andrew Bartlett wrote:
> In my work on Samba4, I'm trying to actually handle the Kerberos PAC
> (compared with the Samba3 approach of ignoring the problem).
>
> As such, I'm trying to both parse the PAC (reasonably easy, with Samba's
> NDR layer), and to validate the signatures.
>
> Has anybody on this list actually managed to follow the specification
> Microsoft published, using the MIT Kerberos API? I'm particularly
> interested in public code I can just reference, but I'll take hints as
> well :-)
>
> In my attempts so far, I've extended Heimdal's Kerberos and GSSAPI, but
> I've not yet made it work.
It always happens this way - as soon as you write the mail, you try one
more thing... I now have the PAC validation working. It is a bit of a
kludge at this point, but I will document it for a tutorial I'm giving
at the CIFS conference in August.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net