Access the PAC-region of AS_REQ to get group membership information supplied by
MS KDC
--------------------------------------------------------------------------------------
Key: DIRKRB-79
URL: https://issues.apache.org/jira/browse/DIRKRB-79
Project: Directory Kerberos
Issue Type: Wish
Reporter: Alex Karasulu
Assignee: Emmanuel Lecharny
Priority: Minor
The Microsoft KDC uses the PAC-region to supply authorization information
(namely group memberships) returned back to systems in the authentication
response of the Authentication Service.
It's foreseeable that the kerberos codec will eventually be used for the de
facto standard KRB5 client hosted here at Directory. This capability to access
the PAC's group membership information will allow KRB clients using this
library to manage authorization based on MS network groups. Here's a paper
talking about the PAC region: http://msdn.microsoft.com/en-us/library/Aa302203
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
