2.6.2 PAC_CREDENTIAL_DATA

The PAC_CREDENTIAL_DATA structure defines an array of security package-specific credentials that are provided to the Kerberos client. The PAC_CREDENTIAL_DATA structure is marshaled by RPC [MS-RPCE].

The PAC_CREDENTIAL_DATA structure is defined as follows.

 typedef struct _PAC_CREDENTIAL_DATA {
   ULONG CredentialCount;
   [size_is(CredentialCount)] SECPKG_SUPPLEMENTAL_CRED Credentials[*];
 } PAC_CREDENTIAL_DATA, *PPAC_CREDENTIAL_DATA;

CredentialCount: A 32-bit unsigned integer that defines the number of elements in the Credentials member.

Credentials: An array of SECPKG_SUPPLEMENTAL_CRED (section 2.6.3) structures that define the supplemental credentials.

Note: As specified in section 2.6.1, this structure is encrypted prior to being encoded in any other structures. Encryption is performed by first serializing the data structure via Network Data Representation (NDR) encoding, as specified in [MS-RPCE]. Once serialized, the data is encrypted using the key and cryptographic system selected through the AS protocol and the KRB_AS_REP message (as specified in [RFC4120] section 3.1.3 and [RFC4556]). Fields (for capturing this information) and cryptographic parameters are specified in PAC_CREDENTIAL_INFO (section 2.6.1).