Possible to retrieve names of groups from PAC data?

Volker Lendecke Volker.Lendecke at sernet.de
Tue Jul 8 14:19:58 EDT 2014

On Tue, Jul 08, 2014 at 11:08:27AM -0500, Nico Williams wrote:
> It's also possible to use LDAP for SID->name lookups.  In any case,
> no, the Kerberos stack doesn't provide any SID->name lookups today.

That's true, but LSA and CrackNames make it a lot easier in
trusted domain scenarios. The DC you're joined to will also
resolve names from trusted domain's SIDs, which might be
impossible to you due to firewall or other access


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the krbdev mailing list