Category: Kerberos

Kerberos PAC validation

http://support.microsoft.com/kb/906736 basically, all Kerberos tickets in windows have a PAC (that holds all the groups of the identity). If the resource that is accessed is NOT running under system account (but user/service), the resource will issue a verification of the PAC at the nearest domain controller. That DC will verify the PAC load and…

July 20, 2008

Kerberos PAC validation