VFS Implementation and user authentication
Nicolas Williams
Nicolas.Williams at ubsw.com
Thu Sep 14 02:16:47 GMT 2000
On Thu, Sep 14, 2000 at 11:59:24AM +1000, Luke Kenneth Casson Leighton wrote:
> > > the PAC in the NT5 Krb5 server contains user profile info, which needs to
> > > be conceptually separated from the kerberos ticket itself.
> >
> > Of course. I used the word profile. In plain Kerberos all there is to
> > the profile is the user principal name, but it (and forwarded TGTs) can
> > be used to obtain other profile information that is relevant to the
> > app.
>
> [ah, terminology, shmology.]
>
> relevant to the app? where does that come in with respect to User
> Credentials?
I meant that only MS' ActiveDirectory puts any profile info in Kerberos
tickets, at this time. Actually, DCE does something like that as well;
you're looking at DCE, so you could tell us the gory details ;) ;)
The rest of the world only gets the client's Kerberos principal name and
must go from there, looking up the necessary profile information.
> > > i am not an expert on appropriate terminology, however i know someone who
> > > is :)
> >
> > :)
>
> i'll ask him if i can forward the exchanges i had on this topic last week
> to the list.
:)
Nico
--