Windows Authorization Data in Kerberos Tickets
Nagaraj Shyam
Nagaraj_Shyam at symantec.com
Thu Dec 13 13:47:59 EST 2007
Hi All,
I am trying to decode the authorization data in kerberos tickets issued
by Microsoft's Active Directory KDC. Of course the server machine is a
non windows machine (Linux in my case). I see some things I cant
explain:
e.g. if a user belongs to multiple groups, the "GroupCount" field doesnt
change
in the ticket, even if I add/remove the groups to which the user
belongs.
I do the reboot, and kinit for the user again so, I get a fresh ticket.
The field I am referring to is in the tech doc at:
http://msdn2.microsoft.com/en-us/library/aa302203.aspx
- have the developers on the list been successful in decoding the
ticket?
- is this something of interest to the developers on the list or totally
off topic?
sorry about the spammage if it is the later case. I did see some thread
discussing
about Microsoft ticket extensions on this list in the archives.
Regards,
-Shyam
More information about the krbdev
mailing list