188.8.131.52.4 Initial Population of the PAC
For KILE implementations that use Active Directory for the account database, the KDC will create a PAC. During processing of the AS request, the KDC searches Active Directory for the user or computer account that matches the cname that was sent in the AS-REQ message. The KDC then creates the PAC structure [MS-PAC] and encodes that into the TGT using the AD-IF-RELEVANT element ([RFC4120] section 184.108.40.206). The KDC MUST ensure that the PAC structure specified in [MS-PAC] does not end with a zero-length buffer.