2.4 PAC_INFO_BUFFER

Following the PACTYPE (section 2.3) structure is an array of PAC_INFO_BUFFER structures each of which defines the type and byte offset to a buffer of the PAC. The PAC_INFO_BUFFER array has no defined ordering. Therefore, the order of the PAC_INFO_BUFFER buffers has no significance. However, once the Key Distribution Center (KDC) and server signatures are generated, the ordering of the buffers MUST NOT change, or signature verification of the PAC contents will fail.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

ulType

cbBufferSize

Offset

...

ulType (4 bytes): A 32-bit unsigned integer in little-endian format that describes the type of data present in the buffer contained at Offset.

Value

Meaning

0x00000001

Logon information (section 2.5). PAC structures MUST contain one buffer of this type. Additional logon information buffers MUST be ignored.

0x00000002

Credentials information (section 2.6). PAC structures SHOULD NOT contain more than one buffer of this type, based on constraints specified in section 2.6. Second or subsequent credentials information buffers MUST be ignored on receipt.

0x00000006

Server checksum (section 2.8). PAC structures MUST contain one buffer of this type. Additional logon server checksum buffers MUST be ignored.

0x00000007

KDC (privilege server) checksum (section 2.8). PAC structures MUST contain one buffer of this type. Additional KDC checksum buffers MUST be ignored.

0x0000000A

Client name and ticket information (section 2.7). PAC structures MUST contain one buffer of this type. Additional client and ticket information buffers MUST be ignored.

0x0000000B

Constrained delegation information (section 2.9). PAC structures MUST contain one buffer of this type for Service for User to Proxy (S4U2proxy) [MS-SFU] requests and none otherwise. Additional constrained delegation information buffers MUST be ignored.

0x0000000C

User principal name (UPN) and Domain Name System (DNS) information (section 2.10). PAC structures SHOULD NOT<3> contain more than one buffer of this type. Second or subsequent UPN and DNS information buffers MUST be ignored on receipt.

0x0000000D

Client claims information (section 2.11). PAC structures SHOULD NOT<4> contain more than one buffer of this type. Additional client claims information buffers MUST be ignored.

0x0000000E

Device information (section 2.12). PAC structures SHOULD NOT<5> contain more than one buffer of this type. Additional device information buffers MUST be ignored.

0x0000000F

Device claims information (section 2.13). PAC structures SHOULD NOT<6> contain more than one buffer of this type. Additional device claims information buffers MUST be ignored.

cbBufferSize (4 bytes): A 32-bit unsigned integer in little-endian format that contains the size, in bytes, of the buffer in the PAC located at Offset.

Offset (8 bytes): A 64-bit unsigned integer in little-endian format that contains the offset to the beginning of the buffer, in bytes, from the beginning of the PACTYPE structure (section 2.3). The data offset MUST be a multiple of eight. The following sections specify the format of each type of element.