any way to get user's ldap dn (or part of it) as part of the ticket?
ghudson at mit.edu
Fri Aug 26 02:32:10 EDT 2016
On 08/26/2016 02:29 AM, Greg Hudson wrote:
> Microsoft's PAC is visible to the server, not the client.

Oops, I misread your question. You want this information in the server,
so yes, you want authdata. Ignore everything I said about using padata.

We do have an authdata plugin interface, but unfortunately it's
unfinished and not public. Still, it's probably better than modifying

Authdata is encrypted in the AS-REP, so you don't have to worry about
protecting the value. Negative authdata types are reserved for
unregistered use (RFC 4120 section 5.2.6).
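
An added illustration, not part of the original message and not MIT krb5 code: the RFC 4120 AuthorizationData wire encoding for an element with a negative (unregistered) ad-type carrying an LDAP DN, plus the matching server-side decode. The type value -4242, the helper names, the UTF-8 DN encoding and the sample DN are assumptions made for this example.

```python
# Added example: DER for RFC 4120 AuthorizationData (the module uses EXPLICIT tags).
AD_LDAP_DN = -4242  # hypothetical ad-type; negative values are for unregistered use

def tlv(tag, content):
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_int(v):
    # Minimal two's-complement INTEGER; a negative ad-type must be encoded signed.
    size = (v if v >= 0 else ~v).bit_length() // 8 + 1
    return tlv(0x02, v.to_bytes(size, "big", signed=True))

def encode_authdata(elements):
    # AuthorizationData ::= SEQUENCE OF SEQUENCE { ad-type [0], ad-data [1] }
    return tlv(0x30, b"".join(
        tlv(0x30, tlv(0xA0, der_int(t)) + tlv(0xA1, tlv(0x04, d)))
        for t, d in elements))

def read_tlv(buf, pos, tag):
    # Return (content, next_pos) for one TLV; reject wrong tags and short input.
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected or missing tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + length], pos + length

def decode_authdata(der):
    body, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes")
    out, pos = [], 0
    while pos < len(body):
        elem, pos = read_tlv(body, pos, 0x30)
        t, nxt = read_tlv(elem, 0, 0xA0)
        d, _ = read_tlv(elem, nxt, 0xA1)
        out.append((int.from_bytes(read_tlv(t, 0, 0x02)[0], "big", signed=True),
                    read_tlv(d, 0, 0x04)[0]))
    return out

def find_dn(der):
    # Server side: act only on the local type; the DN is assumed to be UTF-8.
    return next((d.decode("utf-8") for t, d in decode_authdata(der)
                 if t == AD_LDAP_DN), None)
```
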