AD-TOKEN is authorization data that wraps a token. When a ticket is issued to honor a request with a token credential, authorization data of this type can be created and put into the ticket. The token or the token derivation can be wrapped in the data, so on the application side, the authz data and the token can be queried and retrieved to enforce fine-grained authorization control using the rich token attributes.

Yeah, we haven't used it yet. In fact, the whole authorization data part is lacking in the current Kerby server side and still has to be implemented. You may find many types defined but not used yet; these are indications that we have much work to do. :(

Regards,
Kai

-----Original Message-----
From: Emmanuel Lécharny [mailto:[email protected]]
Sent: Thursday, December 31, 2015 2:09 AM
To: [email protected]
Subject: AdToken usage ?

Hi,

there is a class named org.apache.kerby.kerberos.kerb.type.ad.AdToken. What is it used for ? (there is no reference to this class anywhere in Kerby code)

AD-TOKEN ::= SEQUENCE {
    token [0] OCTET STRING,
}
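
Added example (not part of the original thread and not Kerby's code): a strict DER decoder for the AD-TOKEN structure quoted above, of the kind an application could use to retrieve the wrapped token from authorization data before making an authorization decision. It assumes `[0]` is an EXPLICIT tag, as in the Kerberos ASN.1 module (RFC 4120); the function names and the sample token are constructed for illustration.

```python
# Added example. Assumption: [0] is an EXPLICIT context tag (RFC 4120 module default).

def read_tlv(buf, pos, tag):
    """Read one definite-length DER TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"missing or unexpected tag, wanted 0x{tag:02x}")
    first, pos = buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:  # DER allows the shortest form only
            raise ValueError("non-minimal length encoding")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return buf[pos:pos + length], pos + length

def decode_ad_token(der):
    """Return the raw token bytes wrapped in a DER-encoded AD-TOKEN."""
    seq, end = read_tlv(der, 0, 0x30)        # SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after AD-TOKEN")
    tagged, end = read_tlv(seq, 0, 0xA0)     # token [0]
    if end != len(seq):
        raise ValueError("unexpected extra fields in SEQUENCE")
    token, end = read_tlv(tagged, 0, 0x04)   # OCTET STRING
    if end != len(tagged):
        raise ValueError("trailing bytes inside [0]")
    return bytes(token)

def encode_ad_token(token):
    """Build the matching DER encoding (used here to make test input)."""
    def tlv(tag, value):
        n = len(value)
        if n < 0x80:
            head = bytes([n])
        else:
            raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
            head = bytes([0x80 | len(raw)]) + raw
        return bytes([tag]) + head + value
    return tlv(0x30, tlv(0xA0, tlv(0x04, token)))

# Constructed sample token, not a real credential.
SAMPLE_TOKEN = b"header.payload.signature"
SAMPLE_DER = encode_ad_token(SAMPLE_TOKEN)
```

The decoder rejects trailing bytes, extra fields and non-minimal lengths, so the bytes handed to token validation are exactly the ones the encoding covers.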
