3.3.5.6.4.4 KDC Signatures

The KDC creates a keyed hash ([RFC4757]) of the Server Signature field using the strongest "krbtgt" account key and populates the returned PAC_SIGNATURE_DATA structure field ([MS-PAC] section 2.8) as follows:

  • The SignatureType is the value ([MS-PAC] section 2.8) corresponding to the cryptographic system used to calculate the checksum.

  • The Signature field is the keyed hash ([RFC4757]) of the Server Signature field in the PAC message.