2.2.4.1 KERB_VERIFY_PAC_REQUEST Message
The KERB_VERIFY_PAC_REQUEST Message used for PAC validation is defined as follows.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
MessageType |
|||||||||||||||||||||||||||||||
|
ChecksumLength |
|||||||||||||||||||||||||||||||
|
SignatureType |
|||||||||||||||||||||||||||||||
|
SignatureLength |
|||||||||||||||||||||||||||||||
|
ChecksumAndSignature (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
MessageType (4 bytes): An unsigned 32-bit value describing the message type. This member MUST be set to 0x00000003.
ChecksumLength (4 bytes): An unsigned 32-bit value that MUST contain the signature length of the PAC_SIGNATURE_DATA Signature value ([MS-PAC] section 2.8) for the Server Signature ([MS-PAC] section 2.8.1) in the privilege attribute certificate (PAC).
SignatureType (4 bytes): An unsigned 32-bit value that MUST contain the PAC_SIGNATURE_DATA SignatureType value for the Key Distribution Center (KDC) Signature ([MS-PAC] section 2.8.1) in the PAC.
SignatureLength (4 bytes): An unsigned 32-bit value that MUST contain the signature length of the PAC_SIGNATURE_DATA Signature value in the KDC Signature in the PAC.
ChecksumAndSignature (variable): The PAC_SIGNATURE_DATA Signature value for the Server Signature in the PAC. It MUST be followed by the PAC_SIGNATURE_DATA Signature value for the KDC Signature in the PAC.