Re: Kerberos IF_RELEVANT/PAC structure question
Ronnie Sahlberg wrote:
>
> Hi list.
>
> I'm continuing to fight with my enhanced Ethereal Kerberos dissector, with
> some progress.
>
> I can now (even if other minor problems remain) view the decrypted data of a
> w2k PAC blob passed inside a ticket from a w2k client while authenticating
> to a member server.
>
> I have been told that this data is NDR encoded (I am very familiar with NDR
> encoding). Does anyone have a specification or any information on what data
> is held in these structures, to make life easier for me?

A New Internet-Draft is available from the on-line Internet-Drafts directories.

    Title     : Utilizing the Windows 2000 Authorization Data in
                Kerberos Tickets for Access Control to Resources
    Author(s) : J. Brezak
    Filename  : draft-brezak-win2k-krb-authz-01.txt
    Pages     : 9
    Date      : 2002-10-16

Microsoft Windows 2000 includes operating system specific data in
the Kerberos V5 [2] authorization data field that is used for access
control. This data is used to create an NT access token. The access
token is used by the system to enforce access checking when
attempting to access objects. This document describes the structure
of the Windows 2000 specific authorization data that is carried in
that field for use by servers in performing access control.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-brezak-win2k-krb-authz-01.txt

--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444