[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos IF_RELEVANT/PAC structure question

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gémes Géza írta:
| Douglas E. Engert írta:
| |
| | Ronnie Sahlberg wrote:
| |
| |>Hi list.
| |>
| |>Im continuing to fight with my enhanced ethereal kerberos dissector with
| |>some progress.
| |>
| |>I can now (even if other minor problems remain) view the decrypted
| data of a
| |>w2k PAC blob
| |>passed inside a ticket from a w2k client while authenticating to a
member
| |>server.
| |>
| |>I have been told that this data is NDR encoded (I am very familiar
| with ndr
| |>encoding)
| |>does anyone have a specification or any information on what data is
| held in
| |>these structures
| |>to make life easier for me?
| |
| |
| |
| |
| | A New Internet-Draft is available from the on-line Internet-Drafts
| directories.
| |
| |
| |         Title           : Utilizing the Windows 2000 Authorization
| Data in
| |                           Kerberos Tickets for Access Control to
| Resources
| |         Author(s)       : J. Brezak
| |         Filename        : draft-brezak-win2k-krb-authz-01.txt
| |         Pages           : 9
| |         Date            : 2002-10-16
| |
| | Microsoft Windows 2000 includes operating system specific data in
| | the Kerberos V5 [2] authorization data field that is used for access
| | control. This data is used to create an NT access token. The access
| | token is used by the system to enforce access checking when
| | attempting to access objects. This document describes the structure
| | of the Windows 2000 specific authorization data that is carried in
| | that field for use by servers in performing access control.
| |
| | A URL for this Internet-Draft is:
| | http://www.ietf.org/internet-drafts/draft-brezak-win2k-krb-authz-01.txt
| |
| |
| |
| I wasn't able to access that document, but found something similar:
|
|
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnkerb/html/MSDN_PAC.asp

|
|
| and
|
|
http://download.microsoft.com/download/win2000srv/Spec/1.0/NT5/EN-US/kerbspec.exe

|
|
| the later is a packaged pdf file, at least M$ says that about it, I
| haven't downloaded it yet.
|
| Good Luck!
|
| P.S.
| We Samba users, are all waiting for an MSPAC implementation in Heimdal
|
| Cheers,
|
| Geza
Sorry for the second link it says that you must agree with M$ world
dominance agreement, and offer your first born, before you can read it,
or you are not allowed.
Sorry for sending that stupid link. But the first one is ok from the
point of view of a license.

cheers,

Geza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAROIq/PxuIn+i1pIRAiCeAJ4zK3NyhWOr5IoixshVRPD4SZkwlgCfaVXF
lrTT0Cn7m/3AP+X6XMtB5dI=
=QCHp
-----END PGP SIGNATURE-----