(heimdal.info) Authorization data

情報カタログ

(heimdal.info) Encryption types

(heimdal.info) Windows 2000 compatability

(heimdal.info) Quirks of Windows 2000 KDC

 
 Authorization data
 ==================
 
 The Windows 2000 KDC also adds extra authorization data in tickets.  It
 is at this point unclear what triggers it to do this.  The format of
 this data is only available under a "secret" license from Microsoft,
 which prohibits you implementing it.
 
 A simple way of getting hold of the data to be able to understand it
 better is described here.
 
   1. Find the client example on using the SSPI in the SDK documentation.
 
   2. Change "AuthSamp" in the source code to lowercase.
 
   3. Build the program.
 
   4. Add the "authsamp" principal with a known password to the
      database.  Make sure it has a DES key.
 
   5. Run `ktutil add' to add the key for that principal to a keytab.
 
   6. Run `appl/test/nt_gss_server -p 2000 -s authsamp --dump-auth=file'
      where file is an appropriate file.
 
   7. It should authenticate and dump for you the authorization data in
      the file.
 
   8. The tool `lib/asn1/asn1_print' is somewhat useful for analyzing
      the data.
 

情報カタログ

(heimdal.info) Encryption types

(heimdal.info) Windows 2000 compatability

(heimdal.info) Quirks of Windows 2000 KDC