| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Why! Won't! PAC! Validation! Turn! Off! | |
|
||
| Time: 23:53 EST/04:53 GMT | News Source: Microsoft | Posted By: Kenneth van Surksum | ||
|
Tim Springston: A while back I wrote a blog post regarding PAC (Privilege Attribute Certificate) validation in Microsoft Kerberos. We’ve had enough interest in this lately, particularly around the idea of disabling it, that it seemed like a good idea to post about this again and add some more detail. The reason for the Shatneresque drama in the title is that there are times when you expect that the PAC validation disabling action should work to prevent PAC validation but it does not. If your environment is in a situation where disabling PAC validation is a priority then this can lead to some serious angst and maybe even some hair pulling if you see unexpected results. As a recap, PAC validation takes place when an application which is trusted for delegation attempts to reuse a Kerberos ticket from an impersonated or delegated user which it has already locally cached. This action essentially initiated a quick check to make sure that the PAC-which contains the core information on who the user is and what privileges in the environment he or she has-hasn’t been tampered with. | ||
|
Write Comment
Return to News |
Displaying 526 through 536 of 536 Prev | First |
The time now is
9:08:19 AM
ET.
Any comment problems? E-mail us |
|
Write Comment
Return to News |
Displaying 526 through 536 of 536 Prev | First |
The time now is
9:08:19 AM
ET.
Any comment problems? E-mail us |
