directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-79) Access the PAC-region of AS_REQ to get group membership information supplied by MS KDC
Date Mon, 14 Aug 2017 00:42:00 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-79?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16125108#comment-16125108
] 

Kai Zheng commented on DIRKRB-79:
---------------------------------

[~bedrin] this sounds an excellent work. Assigned this to you and look forward to your PR.

> Access the PAC-region of AS_REQ to get group membership information supplied by MS KDC
> --------------------------------------------------------------------------------------
>
>                 Key: DIRKRB-79
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-79
>             Project: Directory Kerberos
>          Issue Type: Wish
>            Reporter: Alex Karasulu
>            Assignee: Dmitry Bedrin
>            Priority: Minor
>
> The Microsoft KDC uses the PAC-region to supply authorization information (namely group
memberships) returned back to systems in the authentication response of the Authentication
Service. 
> It's foreseeable that the kerberos codec will eventually be used for the de facto standard
KRB5 client hosted here at Directory. This capability to access the PAC's group membership
information will allow KRB clients using this library to manage authorization based on MS
network groups. Here's a paper talking about the PAC region: http://msdn.microsoft.com/en-us/library/Aa302203



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message