[
https://issues.apache.org/jira/browse/DIRKRB-79?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kai Zheng reassigned DIRKRB-79:
-------------------------------
Assignee: Dmitry Bedrin (was: Alex Karasulu)
> Access the PAC-region of AS_REQ to get group membership information supplied
> by MS KDC
> --------------------------------------------------------------------------------------
>
> Key: DIRKRB-79
> URL: https://issues.apache.org/jira/browse/DIRKRB-79
> Project: Directory Kerberos
> Issue Type: Wish
> Reporter: Alex Karasulu
> Assignee: Dmitry Bedrin
> Priority: Minor
>
> The Microsoft KDC uses the PAC-region to supply authorization information
> (namely group memberships) returned back to systems in the authentication
> response of the Authentication Service.
> It's foreseeable that the kerberos codec will eventually be used for the de
> facto standard KRB5 client hosted here at Directory. This capability to
> access the PAC's group membership information will allow KRB clients using
> this library to manage authorization based on MS network groups. Here's a
> paper talking about the PAC region:
> http://msdn.microsoft.com/en-us/library/Aa302203
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
