[ 
https://issues.apache.org/jira/browse/DIRKRB-79?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16124683#comment-16124683
 ] 

Dmitry Bedrin commented on DIRKRB-79:
-------------------------------------

Project JAASLounge supports parsing this data:
https://github.com/pingidentity/jaaslounge-decoding/blob/master/src/main/java/org/jaaslounge/decoding/pac/PacLogonInfo.java

The project (both original and this fork) seems abandoned though

> Access the PAC-region of AS_REQ to get group membership information supplied 
> by MS KDC
> --------------------------------------------------------------------------------------
>
>                 Key: DIRKRB-79
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-79
>             Project: Directory Kerberos
>          Issue Type: Wish
>            Reporter: Alex Karasulu
>            Assignee: Emmanuel Lecharny
>            Priority: Minor
>
> The Microsoft KDC uses the PAC-region to supply authorization information 
> (namely group memberships) returned back to systems in the authentication 
> response of the Authentication Service. 
> It's foreseeable that the kerberos codec will eventually be used for the de 
> facto standard KRB5 client hosted here at Directory. This capability to 
> access the PAC's group membership information will allow KRB clients using 
> this library to manage authorization based on MS network groups. Here's a 
> paper talking about the PAC region: 
> http://msdn.microsoft.com/en-us/library/Aa302203



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to