>>>>> "Markus" == Markus Moeller <[EMAIL PROTECTED]> writes:
Markus> Has anybody tried to use the PAC field with MIT Kerberos ?
Markus> I tried after a kinit against a w2k kdc to look at the
Markus> details in the credential cache, but all pointers to
Markus> authorisation data (cred->authdata and
Markus> decode(cred->ticket)->enc_part2->authorization_data) are
Markus> 0.
Authorization data is only available to the service. Authenticate
against the local host as a service and then get access to the
authorization data. Doing anything else would be vulnerable to a
spoofed KDC anyway.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
