bofh wrote:
http://msdn2.microsoft.com/en-us/library/ms818754.aspx
Read the page topic and search for the word "PAC "
Several links in it appears to confirm that a broken version of Kerberos
is still used:
"The Kerberos Authentication Group Membership
Extensions extend the Kerberos Authentication
Network Service (version 5) specification..."
Extend == not a standard anymore.
Yes a client can be hacked, and many appear to be, to accommodate a
non-standard protocol. But at the end of the day it's still not a
standard.
-Lars
