2.2.3 PA-PK-AS-REQ
The PA-PK-AS-REQ message format is specified in [RFC4556] section 3.2.1.<10>
PKAuthenticator in [RFC4556] is extended to add the following PAChecksum2<11>. If a checksum algorithm other than SHA-1 is used, this message MUST be present. If this field is present, it will always be validated even if it is SHA-1.
-
PAChecksum2 ::= SEQUENCE { checksum [0] OCTET STRING, algorithmIdentifier [1] KERB-ALGORITHM-IDENTIFIER }