2.8.5 KDC Signature

The KDC signature is a counter signature of the server signature, so it MUST be computed after the server signature. It is calculated last, and its Signature field is zero while the PAC signatures are being calculated.

The KDC signature is generated by the issuing KDC and depends on the cryptographic algorithms available to the KDC. The ulType field of the PAC_INFO_BUFFER (section 2.4) corresponding to the KDC signature will contain the value 0x00000007. The SignatureType MUST be one of the values defined in the table in section 2.8. The Key Usage Number MUST be KERB_NON_KERB_CKSUM_SALT (17) ([MS-KILE] section 3.1.5.9). The KDC uses the KDC (krbtgt) key [RFC4120], so that other KDCs can verify this signature on receiving a PAC.

The KDC signature is a keyed hash [RFC4757] of the Server Signature field in the PAC message. The cryptographic system that is used to calculate the checksum depends on which system the KDC supports, as defined in the following table.

| If the KDC: | Then the cryptographic system is: |
|---|---|
| Supports RC4-HMAC | KERB_CHECKSUM_HMAC_MD5 |
| Does not support RC4-HMAC and supports AES256-CTS-HMAC-SHA1-96 | HMAC_SHA1_96_AES256<20> |
| Does not support RC4-HMAC or AES256-CTS-HMAC-SHA1-96, and supports AES128-CTS-HMAC-SHA1-96 | HMAC_SHA1_96_AES128<21> |
| Does not support RC4-HMAC, AES128-CTS-HMAC-SHA1-96 or AES256-CTS-HMAC-SHA1-96 | None. The checksum operation will fail. |

The resulting hash is placed in the Signature field of the KDC's PAC_SIGNATURE_DATA structure.
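As an added example (not part of the specification), the RC4-HMAC row of the table carried through in Python: the server signature is computed over the PAC with both Signature fields zeroed, the KDC signature is KERB_CHECKSUM_HMAC_MD5 (RFC 4757) over the Server Signature field alone with key usage 17, and a receiving KDC checks both with the service key and the krbtgt key. The keys and PAC bytes are constructed placeholders; the AES rows need the RFC 3962 key derivation and are not shown.

```python
import hashlib
import hmac

# Key usage number the PAC checksums use: KERB_NON_KERB_CKSUM_SALT (17).
KERB_NON_KERB_CKSUM_SALT = 17


def kerb_checksum_hmac_md5(key: bytes, usage: int, data: bytes) -> bytes:
    """KERB_CHECKSUM_HMAC_MD5 (RFC 4757 section 4): a 16-byte keyed checksum."""
    # Ksign = HMAC-MD5(K, "signaturekey" || NUL); the zero octet is part of the input.
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    # tmp = MD5(T || data), where T is the 4-byte little-endian key usage number.
    tmp = hashlib.md5(usage.to_bytes(4, "little") + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()


def server_signature(service_key: bytes, pac_with_zeroed_sigs: bytes) -> bytes:
    """Server signature: checksum over the PAC with both Signature fields zeroed."""
    return kerb_checksum_hmac_md5(service_key, KERB_NON_KERB_CKSUM_SALT, pac_with_zeroed_sigs)


def kdc_signature(krbtgt_key: bytes, server_sig: bytes) -> bytes:
    """KDC signature: counter signature over the Server Signature field only."""
    return kerb_checksum_hmac_md5(krbtgt_key, KERB_NON_KERB_CKSUM_SALT, server_sig)


def verify_pac(service_key: bytes, krbtgt_key: bytes, pac_with_zeroed_sigs: bytes,
               server_sig: bytes, kdc_sig: bytes) -> bool:
    """Both checks must pass; the KDC signature alone does not bind the PAC body."""
    ok_server = hmac.compare_digest(server_signature(service_key, pac_with_zeroed_sigs), server_sig)
    ok_kdc = hmac.compare_digest(kdc_signature(krbtgt_key, server_sig), kdc_sig)
    return ok_server and ok_kdc


# Constructed inputs: hypothetical 16-byte RC4-HMAC keys and a stand-in PAC body.
SERVICE_KEY = bytes(range(0x10, 0x20))
KRBTGT_KEY = bytes(range(0x20, 0x30))
PAC_BODY = b"\x00" * 8 + b"constructed PAC buffers with zeroed Signature fields"

if __name__ == "__main__":
    s_sig = server_signature(SERVICE_KEY, PAC_BODY)   # computed first
    k_sig = kdc_signature(KRBTGT_KEY, s_sig)           # computed last, over s_sig only
    print("server signature:", s_sig.hex())
    print("kdc signature:   ", k_sig.hex())
    print("verifies:", verify_pac(SERVICE_KEY, KRBTGT_KEY, PAC_BODY, s_sig, k_sig))
```

Because the KDC signature covers only the 16 server-signature bytes, a verifier that checks the KDC signature but skips the server signature learns nothing about whether the PAC body was altered; the test below exercises that case.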