共用方式為


2.2.4.1 KERB_VERIFY_PAC_REQUEST Message

The KERB_VERIFY_PAC_REQUEST Message used for PAC validation is defined as follows.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

MessageType

ChecksumLength

SignatureType

SignatureLength

ChecksumAndSignature (variable)

...

MessageType (4 bytes): An unsigned 32-bit value describing the message type. This member MUST be set to 0x00000003.

ChecksumLength (4 bytes): An unsigned 32-bit value that MUST contain the signature length of the PAC_SIGNATURE_DATA Signature value ([MS-PAC] section 2.8) for the Server Signature ([MS-PAC] section 2.8.4) in the privilege attribute certificate (PAC).

SignatureType (4 bytes): An unsigned 32-bit value that MUST contain the PAC_SIGNATURE_DATA SignatureType value for the Key Distribution Center (KDC) Signature ([MS-PAC] section 2.8.4) in the PAC.

SignatureLength (4 bytes): An unsigned 32-bit value that MUST contain the signature length of the PAC_SIGNATURE_DATA Signature value in the KDC Signature in the PAC.

ChecksumAndSignature (variable): The PAC_SIGNATURE_DATA Signature value for the Server Signature in the PAC. It MUST be followed by the PAC_SIGNATURE_DATA Signature value for the KDC Signature in the PAC.