kerberos query

Jeffrey Altman jaltman at
Tue Sep 11 09:34:27 EDT 2007

Vipin Rathor wrote:
> Hi,
> Is anyone aware of any Kerberos applications (Open-AFS,Secure linux etc)
> which makes use of "authorization-data" field present in the Kerberos ticket
> to store some additional authorization related information ?
> The "authorization-data" field is explained in the EncTicketPart ::=
> [APPLICATION 3] exaplantion of RFC 4120 under section 5.3.
> I wanted to know if it has ever been used by anyone , and if so who are they
> ? Becuase to my knowledge MIT Kerberos does not provide any exported APIs
> for end application that can use this feild to store additional
> authorization information (please correct me if I am wrong) ?
> Thanks in advance...

The authorization-data field is used by DCE and Microsoft Windows Active
Directory domains.  In Microsoft Windows, the field is used to carry the

In MIT Kerberos, the krb5_authdata structure used as part of other
publicly available data structures and in that way it is available
to application services for use.

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the krbdev mailing list