Utilizing the Windows 2000 Authorization Data in Kerberos Tickets for Access Control to Resources
draft-brezak-win2k-krb-authz-01

 
Document
Type Expired Internet-Draft (individual)
Last updated 2002-10-16
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html
Stream
Stream state (No stream defined)
Document shepherd No shepherd assigned
IESG
IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

Email authors IPR References Referenced by Nits Search lists

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
//www.ietf.org/archive/id/draft-brezak-win2k-krb-authz-01.txt

Abstract

Microsoft Windows 2000 includes operating system specific data in the Kerberos V5 [2] authorization data field that is used for access control. This data is used to create an NT access token. The access token is used by the system to enforce access checking when attempting to access objects. This document describes the structure of the Windows 2000 specific authorization data that is carried in that field for use by servers in performing access control.

Authors

John Brezak (jbrezak@microsoft.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)