Sign in
Version 5.13.0, 2015-03-25
Report a bug

Utilizing the Windows 2000 Authorization Data in Kerberos Tickets for Access Control to Resources

Document type: Expired Internet-Draft (individual)
Document stream: No stream defined
Last updated: 2002-10-16
Intended RFC status: Unknown
Other versions: (expired, archived): plain text, pdf, html

Stream State:No stream defined
Document shepherd: No shepherd assigned

IESG State: Expired
Responsible AD: (None)
Send notices to: No addresses provided

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found here:


Microsoft Windows 2000 includes operating system specific data in the Kerberos V5 [2] authorization data field that is used for access control. This data is used to create an NT access token. The access token is used by the system to enforce access checking when attempting to access objects. This document describes the structure of the Windows 2000 specific authorization data that is carried in that field for use by servers in performing access control.


John Brezak <>

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)