Created attachment 8138 [details] Patches for v4-0-test winbind: Extend wbcAuthenticateUserEx to provide PAC With this new interface, external applications that have authenticated to an ADS can pass the PAC from the Kerberos ticket to wbcAuthenticateUserEx. winbindd decodes and extracts the info3 information for the external application. If winbindd can verify the PAC signature, the info3 from the PACis also added to the netsamlogon_cache. The info3 data can be used by the external application to get the uid and primary gid. The data in netsamlogon_cache allows to retrieve the complete group list through the NSS function getgrouplist.
Comment on attachment 8138 [details] Patches for v4-0-test I'm glad this is able to make it into 4.0
Pushed to autobuild-v4-0-test.
Pushed to v4-0-test. Closing out bug report. Thanks!