[PATCH] winbind interface to extract SIDs from PAC

Christof Schmitt christof.schmitt at us.ibm.com
Tue Jul 3 16:12:17 MDT 2012


simo <idra at samba.org> wrote on 07/03/2012 02:26:25 PM:

> On Tue, 2012-07-03 at 15:22 -0600, Christof Schmitt wrote: 
> > The attached patches implement a new winbind interface function
> > wbcPacToSids. External applications that received a kerberos
> > ticket from an ADS can use this function to extract the SIDs from
> > the PAC in the kerberos ticket. This allows external
> > applications to retrieve the user ids without reimplementing the
> > code for decoding the PAC.
> 
> Christof why do you need a Winbindd extension for this ?
> 
> We have a library that already allows all this w/o adding interfaces to
> winbind that we then have to support for a long time.
> 
> Is there a particular reason why you can't link to the appropriate
> samba4 libraries ?

I was not aware of the samba4 libraries and it seems that the
autotools build does not build them as libraries.
kerberos_decode_pac seems to be available in libauthkrb5.so and
pac_utils.h. Is this a stable interface for external applications?

(CC'ing Volker since he was also involved in discussions about
providing this interface.)

Regards,

Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469  (T/L: 321-2469)


