Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id E3717200CF1 for ; Mon, 14 Aug 2017 02:40:04 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id E1BB8163F0F; Mon, 14 Aug 2017 00:40:04 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 35A05163F0A for ; Mon, 14 Aug 2017 02:40:04 +0200 (CEST) Received: (qmail 11939 invoked by uid 500); 14 Aug 2017 00:40:02 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 11929 invoked by uid 99); 14 Aug 2017 00:40:02 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Aug 2017 00:40:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 84C23C0167 for ; Mon, 14 Aug 2017 00:40:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -99.202 X-Spam-Level: X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id xhRKOxoimqV8 for ; Mon, 14 Aug 2017 00:40:01 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 22FF45F5B3 for ; Mon, 14 Aug 2017 00:40:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 70252E0237 for ; Mon, 14 Aug 2017 00:40:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 2EB432140C for ; Mon, 14 Aug 2017 00:40:00 +0000 (UTC) Date: Mon, 14 Aug 2017 00:40:00 +0000 (UTC) From: "Kai Zheng (JIRA)" To: dev@directory.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Assigned] (DIRKRB-79) Access the PAC-region of AS_REQ to get group membership information supplied by MS KDC MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Mon, 14 Aug 2017 00:40:05 -0000 [ https://issues.apache.org/jira/browse/DIRKRB-79?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kai Zheng reassigned DIRKRB-79: ------------------------------- Assignee: Dmitry Bedrin (was: Alex Karasulu) > Access the PAC-region of AS_REQ to get group membership information supplied by MS KDC > -------------------------------------------------------------------------------------- > > Key: DIRKRB-79 > URL: https://issues.apache.org/jira/browse/DIRKRB-79 > Project: Directory Kerberos > Issue Type: Wish > Reporter: Alex Karasulu > Assignee: Dmitry Bedrin > Priority: Minor > > The Microsoft KDC uses the PAC-region to supply authorization information (namely group memberships) returned back to systems in the authentication response of the Authentication Service. > It's foreseeable that the kerberos codec will eventually be used for the de facto standard KRB5 client hosted here at Directory. This capability to access the PAC's group membership information will allow KRB clients using this library to manage authorization based on MS network groups. Here's a paper talking about the PAC region: http://msdn.microsoft.com/en-us/library/Aa302203 -- This message was sent by Atlassian JIRA (v6.4.14#64029)