[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos IF_RELEVANT/PAC structure question

Ronnie Sahlberg wrote:
> Hi list.
> Im continuing to fight with my enhanced ethereal kerberos dissector with
> some progress.
> I can now (even if other minor problems remain) view the decrypted data of a
> w2k PAC blob
> passed inside a ticket from a w2k client while authenticating to a member
> server.
> I have been told that this data is NDR encoded (I am very familiar with ndr
> encoding)
> does anyone have a specification or any information on what data is held in
> these structures
> to make life easier for me?

A New Internet-Draft is available from the on-line Internet-Drafts directories.

        Title           : Utilizing the Windows 2000 Authorization Data in 
                          Kerberos Tickets for Access Control to Resources
        Author(s)       : J. Brezak
        Filename        : draft-brezak-win2k-krb-authz-01.txt
        Pages           : 9
        Date            : 2002-10-16
Microsoft Windows 2000 includes operating system specific data in 
the Kerberos V5 [2] authorization data field that is used for access 
control. This data is used to create an NT access token. The access 
token is used by the system to enforce access checking when 
attempting to access objects. This document describes the structure 
of the Windows 2000 specific authorization data that is carried in 
that field for use by servers in performing access control.

A URL for this Internet-Draft is:


 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444