[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos IF_RELEVANT/PAC structure question

To: "Douglas E. Engert" <deengert@anl.gov>
Subject: Re: Kerberos IF_RELEVANT/PAC structure question
From: Gémes Géza <geza@kzsdabas.sulinet.hu>
Date: Tue, 02 Mar 2004 18:45:59 +0100
Cc: Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au>, heimdal-discuss@sics.se
In-Reply-To: <404489B4.12FD993A@anl.gov>
References: <002501c40052$1f340e40$6501010a@C5043436> <404489B4.12FD993A@anl.gov>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mozilla/5.0 (X11; U; Linux i686; hu-HU; rv:1.4) Gecko/20030630

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Douglas E. Engert írta:
|
| Ronnie Sahlberg wrote:
|
|>Hi list.
|>
|>Im continuing to fight with my enhanced ethereal kerberos dissector with
|>some progress.
|>
|>I can now (even if other minor problems remain) view the decrypted
data of a
|>w2k PAC blob
|>passed inside a ticket from a w2k client while authenticating to a member
|>server.
|>
|>I have been told that this data is NDR encoded (I am very familiar
with ndr
|>encoding)
|>does anyone have a specification or any information on what data is
held in
|>these structures
|>to make life easier for me?
|
|
|
|
| A New Internet-Draft is available from the on-line Internet-Drafts
directories.
|
|
|         Title           : Utilizing the Windows 2000 Authorization
Data in
|                           Kerberos Tickets for Access Control to Resources
|         Author(s)       : J. Brezak
|         Filename        : draft-brezak-win2k-krb-authz-01.txt
|         Pages           : 9
|         Date            : 2002-10-16
|
| Microsoft Windows 2000 includes operating system specific data in
| the Kerberos V5 [2] authorization data field that is used for access
| control. This data is used to create an NT access token. The access
| token is used by the system to enforce access checking when
| attempting to access objects. This document describes the structure
| of the Windows 2000 specific authorization data that is carried in
| that field for use by servers in performing access control.
|
| A URL for this Internet-Draft is:
| http://www.ietf.org/internet-drafts/draft-brezak-win2k-krb-authz-01.txt
|
|
|
I wasn't able to access that document, but found something similar:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnkerb/html/MSDN_PAC.asp

and

http://download.microsoft.com/download/win2000srv/Spec/1.0/NT5/EN-US/kerbspec.exe

the later is a packaged pdf file, at least M$ says that about it, I
haven't downloaded it yet.

Good Luck!

P.S.
We Samba users, are all waiting for an MSPAC implementation in Heimdal

Cheers,

Geza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFARMhX/PxuIn+i1pIRAq6rAKCKr99iPzBteRzCBLXJu0ACRBq8uQCeMSCh
p3aG0975i68XuY8Te9iYCV4=
=x087
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: Gémes Géza <geza@kzsdabas.sulinet.hu>

References:
- Kerberos IF_RELEVANT/PAC structure question
  - From: "Ronnie Sahlberg" <ronnie_sahlberg@ozemail.com.au>
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: "Douglas E. Engert" <deengert@anl.gov>

Prev by Date: Re: Kerberos IF_RELEVANT/PAC structure question
Next by Date: Re: Kerberos IF_RELEVANT/PAC structure question
Prev by thread: Re: Kerberos IF_RELEVANT/PAC structure question
Next by thread: Re: Kerberos IF_RELEVANT/PAC structure question
Index(es):
- Date
- Thread