kerberos query

Jeffrey Altman jaltman at secure-endpoints.com
Tue Sep 11 09:34:27 EDT 2007


Vipin Rathor wrote:
> Hi,
> 
> Is anyone aware of any Kerberos applications (Open-AFS, Secure Linux, etc.)
> which make use of the "authorization-data" field present in the Kerberos ticket
> to store some additional authorization-related information?
> 
> The "authorization-data" field is explained in the EncTicketPart ::=
> [APPLICATION 3] explanation of RFC 4120 under section 5.3.
> I wanted to know if it has ever been used by anyone, and if so, who are they?
> Because to my knowledge MIT Kerberos does not provide any exported APIs
> for end applications that can use this field to store additional
> authorization information (please correct me if I am wrong)?
> 
> Thanks in advance...

The authorization-data field is used by DCE and Microsoft Windows Active
Directory domains.  In Microsoft Windows, the field is used to carry the
PAC.

http://msdn.microsoft.com/library/en-us/dnkerb/html/MSDN_PAC.asp

In MIT Kerberos, the krb5_authdata structure is used as part of other
publicly available data structures and in that way it is available
to application services for use.

Jeffrey Altman
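
The layout of the field discussed in this thread, as an added example that is not part of the original messages and is not MIT Kerberos code: a small Python decoder for the DER-encoded AuthorizationData of RFC 4120, descending into AD-IF-RELEVANT containers, which is where an AD-WIN2K-PAC element is normally wrapped. The function names, the nesting cap and the sample bytes are assumptions constructed for illustration; the input is taken to be the already-decrypted authorization-data value.

```python
# Added example: DER walker for RFC 4120 AuthorizationData ::=
#   SEQUENCE OF SEQUENCE { ad-type [0] Int32, ad-data [1] OCTET STRING }
AD_IF_RELEVANT, AD_WIN2K_PAC = 1, 128   # ad-type values

# Constructed sample (not from a real ticket): AD-IF-RELEVANT wrapping one
# AD-WIN2K-PAC element whose ad-data is the placeholder bytes b"PAC!".
SAMPLE = bytes.fromhex("301d301ba003020101a1140412"
                       "3010300ea00402020080a106040450414321")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):             # read one element and insist on its tag
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return value, nxt

def parse_authdata(der, depth=0):
    """Return [(depth, ad_type, ad_data)], descending into AD-IF-RELEVANT."""
    if depth > 4:                       # assumed cap on container nesting
        raise ValueError("AD-IF-RELEVANT nested too deeply")
    seq_of, end = expect(der, 0, 0x30)  # outer SEQUENCE OF
    if end != len(der):
        raise ValueError("trailing bytes after AuthorizationData")
    out, pos = [], 0
    while pos < len(seq_of):
        elem, pos = expect(seq_of, pos, 0x30)       # one element
        type_field, p = expect(elem, 0, 0xA0)       # ad-type [0]
        data_field, _ = expect(elem, p, 0xA1)       # ad-data [1]
        ad_type = int.from_bytes(expect(type_field, 0, 0x02)[0], "big", signed=True)
        ad_data = expect(data_field, 0, 0x04)[0]
        out.append((depth, ad_type, ad_data))
        if ad_type == AD_IF_RELEVANT:   # ad-data is itself an AuthorizationData
            out += parse_authdata(ad_data, depth + 1)
    return out
```

Each returned tuple corresponds to what the krb5_authdata structure mentioned above carries for one element (its type and its contents); the PAC bytes themselves are a separate Microsoft-defined format that this decoder does not interpret.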





