Possible to retrieve names of groups from PAC data?
Volker Lendecke
Volker.Lendecke at sernet.de
Tue Jul 8 14:19:58 EDT 2014
On Tue, Jul 08, 2014 at 11:08:27AM -0500, Nico Williams wrote:
> It's also possible to use LDAP for SID->name lookups. In any case,
> no, the Kerberos stack doesn't provide any SID->name lookups today.
That's true, but LSA and CrackNames make it a lot easier in
trusted domain scenarios. The DC you're joined to will also
resolve names from trusted domain's SIDs, which might be
impossible to you due to firewall or other access
restrictions.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the krbdev
mailing list