[39255] in Kerberos
Re: Kerberos PAC decoding support
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Aug 24 13:18:56 2023
Message-ID: <c563996f-d8f2-9bbb-6238-b5d1d6b55485@mit.edu>
Date: Thu, 24 Aug 2023 13:15:32 -0400
MIME-Version: 1.0
Content-Language: en-US
To: Ondrej Valousek <ondrej.valousek.xm@renesas.com>,
"kerberos@mit.edu"
<kerberos@mit.edu>
From: "Greg Hudson" <ghudson@mit.edu>
In-Reply-To: <TYCPR01MB118471D443B42094302C80091D91DA@TYCPR01MB11847.jpnprd01.prod.outlook.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: kerberos-bounces@mit.edu
On 8/24/23 02:18, Ondrej Valousek wrote:
> I am wondering if it is reasonable to request the MIT library to support PAC decoding (possibly in form of Named Attributes) so that the information there could be used in calling application, I.e.:
PAC buffers are available via these name attributes:
urn:mspac: (for the whole PAC)
urn:mspac:logon-info
urn:mspac:credentials-info
urn:mspac:server-checksum
urn:mspac:privsvr-checksum
urn:mspac:client-info
urn:mspac:delegation-info
urn:mspac:upn-dns-info
libkrb5 doesn't do any NDR decoding, so that part has to be done by the
application.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
