[prev in list] [next in list] [prev in thread] [next in thread]
List: krbdev
Subject: Re: requesting MS-PAC in AS-REQ
From: Nate Rosenblum <nater () maginatics ! com>
Date: 2014-08-07 19:37:44
Message-ID: CACK7m--BCU2UQ_oTywdt6WCYWhhGb9375s=qMwcgLKLfjWRhkw () mail ! gmail ! com
[Download RAW message or body]
>
> I think you are right for now. I will open a ticket that we should add
> krb5_get_init_creds_opt_set_pac_request like Heimdal does.
> Unfortunately there isn't time to get it into 1.13.
>
> Under what circumstances does AD use this padata element? I thought
> that it normally included a PAC by default, unless the service principal
> is configured not to require it.
>
I believe that Windows servers will only return a PAC in the AS-REP and
TGS-REP messages if requested; that's my reading of MS-KILE, Sec. 3.3.5.3 (
http://msdn.microsoft.com/en-us/library/cc233897.aspx). I could be wrong;
let me double-check.
--nate
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic