Delegation and Moonshot
Nico Williams
nico at cryptonector.com
Mon Apr 4 01:34:17 EDT 2011
On Mon, Apr 4, 2011 at 12:16 AM, Luke Howard <lukeh at padl.com> wrote:
> If you want to pick apart the PAC, I would do it with the MIT libkrb5 plugin interface. See the code that already does that to some extent. If you want to process the picked apart PAC with policy to map it to UIDs, then either this interface or Shibboleth might be candidates.
The latter (I want the SIDs, the SIDs mapped to UIDs/GIDs, the homedir
UNC mapped to whatever, ...).
More information about the krbdev
mailing list