3.3.5.1 Generating the DIGEST_VALIDATION_REQ Message

The Digest server MUST construct the DIGEST_VALIDATION_REQ (section 2.2.5.1) message by using fields extracted from the digest-challenge and digest-response messages ([RFC2617] section 3.2 and [RFC2831] section 2.1). This message MUST be sent to the DC to verify the validity of the user's signature (keyed hash performed with the user's password) and to retrieve the privilege attribute certificate (PAC) for the user's account. If the DC cannot be contacted for any reason, the Digest server fails the authentication attempt.

The DIGEST_VALIDATION_REQ message MUST be packed as a contiguous buffer, and the encoded data sent by using the generic pass-through mechanism ([MS-NRPC] section 3.2.4.1). The encoding of the DIGEST_VALIDATION_REQ is as specified in section 2.2.5.1. The PackageName ([MS-NRPC] section 3.2.4.1) in the NETLOGON_GENERIC_INFO structure ([MS-NRPC] section 2.2.1.4.2) MUST be WDigest. The AlgType field of the DIGEST_VALIDATION_REQ (section 2.2.5.1) message SHOULD<25> be set to 0x03.
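The server-side flow this section describes can be sketched as follows. This is an added example, not code from the specification: it extracts the digest-response directives, hands them to the DC with PackageName WDigest and AlgType 0x03, and fails the attempt when the DC gives no answer. The function names, the `send_passthrough` callable and the dictionary request shape are assumptions; the section 2.2.5.1 wire encoding is not reproduced here.

```python
import re

PACKAGE_NAME = "WDigest"   # PackageName required by this section
ALG_TYPE = 0x03            # AlgType value this section says SHOULD be used
# Directives of the RFC 2617 digest-response that this sketch insists on.
REQUIRED = ("username", "realm", "nonce", "uri", "response")
_PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')
# Sample Authorization value for the demonstration (RFC 2617 example values).
SAMPLE = ('Digest username="Mufasa", realm="testrealm@host.com", '
          'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
          'qop=auth, nc=00000001, cnonce="0a4f113b", '
          'response="6629fae49393a05397450978507c4ef1"')


def parse_digest_response(header):
    """Split an RFC 2617 'Digest ...' credential into its directives."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    fields = {}
    for name, quoted, bare in _PAIR.findall(rest):
        name = name.lower()
        if name in fields:               # duplicate directives are ambiguous
            raise ValueError("duplicate directive: " + name)
        fields[name] = re.sub(r"\\(.)", r"\1", quoted) if quoted else bare
    missing = [d for d in REQUIRED if d not in fields]
    if missing:
        raise ValueError("missing directives: " + ", ".join(missing))
    return fields


def validate_with_dc(header, method, send_passthrough):
    """Return True only if the DC confirms; any failure denies the logon."""
    try:
        fields = parse_digest_response(header)
        # Hypothetical request shape; a real server packs a contiguous buffer.
        request = {"PackageName": PACKAGE_NAME, "AlgType": ALG_TYPE,
                   "Method": method, "Fields": fields}
        return send_passthrough(request) is True
    except (ValueError, OSError):
        return False                     # fail closed: no DC answer, no logon
```

The Digest server never judges the keyed hash itself; it only forwards the directives, so every path that does not end in an explicit confirmation from the DC returns a failure.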