>I am wondering if it is reasonable to request the MIT library to >support PAC decoding (possibly in form of Named Attributes) so that the >information there could be used in calling application, I.e.: > >https://github.com/gssapi/mod_auth_gssapi/issues/288#issuecomment-1690541858 > >Is something like this reasonable? If yes, is this support planned in >forthcoming releases of MIT Kerberos library?
I _think_ that's already there? If you're using the GSSAPI you already have support for named attribute retrieval, as detailed here: https://web.mit.edu/kerberos/krb5-devel/doc/appdev/gssapi.html I know there is already extensive PAC decoding and validation in later MIT Kerberos versions. But I would caution you that like Simo mentioned I think all you get is SIDs in the PAC and you have to do some more work to turn that into something useful. --Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos