[
https://issues.apache.org/jira/browse/DIRKRB-79?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16124683#comment-16124683
]
Dmitry Bedrin commented on DIRKRB-79:
-------------------------------------
Project JAASLounge supports parsing this data:
https://github.com/pingidentity/jaaslounge-decoding/blob/master/src/main/java/org/jaaslounge/decoding/pac/PacLogonInfo.java
The project (both original and this fork) seems abandoned though
> Access the PAC-region of AS_REQ to get group membership information supplied
> by MS KDC
> --------------------------------------------------------------------------------------
>
> Key: DIRKRB-79
> URL: https://issues.apache.org/jira/browse/DIRKRB-79
> Project: Directory Kerberos
> Issue Type: Wish
> Reporter: Alex Karasulu
> Assignee: Emmanuel Lecharny
> Priority: Minor
>
> The Microsoft KDC uses the PAC-region to supply authorization information
> (namely group memberships) returned back to systems in the authentication
> response of the Authentication Service.
> It's foreseeable that the kerberos codec will eventually be used for the de
> facto standard KRB5 client hosted here at Directory. This capability to
> access the PAC's group membership information will allow KRB clients using
> this library to manage authorization based on MS network groups. Here's a
> paper talking about the PAC region:
> http://msdn.microsoft.com/en-us/library/Aa302203
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
