jaltman at secure-endpoints.com
Tue Sep 11 09:34:27 EDT 2007
Vipin Rathor wrote:
> Is anyone aware of any Kerberos applications (Open-AFS,Secure linux etc)
> which makes use of "authorization-data" field present in the Kerberos ticket
> to store some additional authorization related information ?
> The "authorization-data" field is explained in the EncTicketPart ::=
> [APPLICATION 3] exaplantion of RFC 4120 under section 5.3.
> I wanted to know if it has ever been used by anyone , and if so who are they
> ? Becuase to my knowledge MIT Kerberos does not provide any exported APIs
> for end application that can use this feild to store additional
> authorization information (please correct me if I am wrong) ?
> Thanks in advance...
The authorization-data field is used by DCE and Microsoft Windows Active
Directory domains. In Microsoft Windows, the field is used to carry the
In MIT Kerberos, the krb5_authdata structure used as part of other
publicly available data structures and in that way it is available
to application services for use.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20070911/c52a65c0/attachment.bin
More information about the krbdev