2.2.2.1.13 DecryptPacCredentials
The DecryptPacCredentials structure is used to decrypt the supplemental credentials that are returned in the PAC ([MS-PAC]) by the KDC in a reply message. For more details see section 3.1.5.13.
When populating this field of the KerbCredIsoRemoteInput structure, the CallId field MUST be set to RemoteCallKerbDecryptPacCredentials.
-
struct { KERB_RPC_ENCRYPTION_KEY* Key; ULONG Version; ULONG EncryptionType; ULONG DataSize; [size_is(DataSize)] UCHAR* Data; } DecryptPacCredentials;
Key: A pointer to a KERB_RPC_ENCRYPTION_KEY structure (section 2.2.1.2.8) that contains the key needed to decrypt the credentials.
Version: A ULONG that indicates the version in the PAC_CREDENTIAL_INFO structure Version field ([MS-PAC] section 2.6.1), as supplied in the Privilege Attribute Certificate (PAC).
EncryptionType: A ULONG that indicates the Kerberos etype used for encryption. Kerberos parameters are documented in [KERB-PARAM].
DataSize: A ULONG that indicates the size of the credentials from a PAC_CREDENTIAL_INFO structure.
Data: The credential data from a PAC_CREDENTIAL_INFO structure SerializedData field.
When populating this field of the KerbCredIsoRemoteOutput structure, the CallId field MUST be set to RemoteCallKerbDecryptPacCredentials.
-
struct { PSECPKG_SUPPLEMENTAL_CRED_ARRAY Credentials; } DecryptPacCredentials;
Credentials: A pointer to a SECPKG_SUPPLEMENTAL_CRED_ARRAY structure (section 2.2.1.2.7) that contains the decoded array of credentials supplied by the KDC.