[32339] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Impact of "MS AD Kerberos token size" change

daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Fri May 14 14:51:46 2010

Message-ID: <4BED9BBD.9040205@anl.gov>
Date: Fri, 14 May 2010 13:51:41 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: saggar <sunil.saggar@gmail.com>
In-Reply-To: <684cf1a8-be04-4b87-9fef-bd96e578c816@h39g2000yqn.googlegroups.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu



saggar wrote:
> On Apr 29, 4:43 pm, JC Ferguson <j...@f5.com> wrote:
>> I have found the change not necessary in the MIT library.  I've seen tokens as large as 24k from MS AD domain controllers.
>>
>> -jc
>>
>> ----- Original Message -----
>> From: krbdev-boun...@mit.edu <krbdev-boun...@mit.edu>
>> To: kerbe...@mit.edu <kerbe...@mit.edu>; krb...@mit.edu <krb...@mit.edu>
>> Sent: Thu Apr 29 07:30:52 2010
>> Subject: Impact of "MS AD Kerberos token size" change
>>
>> Is MIT kerberos implementation dependent on Microsoft AD Kerberos Token Size
>> ?  If a user changes the default size from 12K to 64K . does it needs a
>> change in kerberos also ?
>>
>> --
>> Regards
>> Sunil Saggar
>> _______________________________________________
>> krbdev mailing list             krb...@mit.eduhttps://mailman.mit.edu/mailman/listinfo/krbdev
> 
> I would like to understand how this token is used and how MIT library
> is not dependent on it. Will appreciate code_pointers/documentation.
> 

Google for:  Microsoft kerberos PAC

The PAC has UUIDs and GUIDs for the user, and is used in a domain for
authorization. A normal kerberos ticket might be less the 500 bytes.
The other 23.5k of the ticket is the PAC.

> -S
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post