requesting MS-PAC in AS-REQ
Greg Hudson
ghudson at MIT.EDU
Thu Aug 7 15:21:25 EDT 2014
On 08/06/2014 06:12 PM, Nate Rosenblum wrote:
> When requesting a TGT from a Microsoft KDC, I'd like to request a PAC by
> adding a KRB5_PADATA_PAC_REQUEST to the PADATA. I looked through the public
> headers and no method for doing this jumps out at me; is this something for
> which I'd need to add a client preauth module for?
I think you are right for now. I will open a ticket that we should add
krb5_get_init_creds_opt_set_pac_request like Heimdal does.
Unfortunately there isn't time to get it into 1.13.
Under what circumstances does AD use this padata element? I thought
that it normally included a PAC by default, unless the service principal
is configured not to require it.
More information about the krbdev
mailing list