[PATCH] winbind interface to extract SIDs from PAC

Christof Schmitt christof.schmitt at us.ibm.com
Tue Jul 3 16:12:17 MDT 2012

simo <idra at samba.org> wrote on 07/03/2012 02:26:25 PM:

> On Tue, 2012-07-03 at 15:22 -0600, Christof Schmitt wrote: 
> > The attached patches implement a new winbind interface function
> > wbcPacToSids. External applications that received a kerberos
> > ticket from an ADS can use this function to extract the SIDs from
> > the PAC in in the kerberos ticket. This allows external
> > applications to retrieve the user ids without reimplementing the
> > code for decoding the PAC.
> Christof why do you need a Winbindd extension for this ?
> We have a library that already allows all this w/o adding intefaces to
> winbind that we then have to support for a long time.
> Is there a particular reason why you can't link to the appropriate
> samba4 libraries ?

I was not aware of the samba4 libraries and it seems that the
autotools build does not build them as
libraries. kerberos_decode_pac seems to be available in
libauthkrb5.so and pac_utils.h. Is this a stable interface for
external applications?

(CC'ing Volker since he was also involved in discusisons about
providing this interface.)


Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469  (T/L: 321-2469)

More information about the samba-technical mailing list