diff options
Diffstat (limited to 'source4/auth/kerberos/kerberos-notes.txt')
-rw-r--r-- | source4/auth/kerberos/kerberos-notes.txt | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/source4/auth/kerberos/kerberos-notes.txt b/source4/auth/kerberos/kerberos-notes.txt index a36bf556aa..83fb886c45 100644 --- a/source4/auth/kerberos/kerberos-notes.txt +++ b/source4/auth/kerberos/kerberos-notes.txt @@ -309,6 +309,12 @@ Samba makes extensive use of the principal manipulation functions in Heimdal, including the known structure behind krb_principal and krb5_realm (a char *). +Authz data extraction +--------------------- + +We use krb5_ticket_get_authorization_data_type(), and expect it to +return the correct authz data, even if wrapped in an AD-IFRELEVENT container. + KDC Extensions -------------- @@ -392,14 +398,6 @@ PAC Correctness We need to put the PAC into the TGT, not just the service ticket. -Authz data extraction ---------------------- - -We need to parse the authz data field correctly, and have a generic -rouitine to get at particular types of data, no matter their inclusion -in 'if relevent' or other stuctures. This should be a utlity function -we can use in both the client libs and KDC. - Forwarded tickets ----------------- |