[cifs-protocol] [MS-KILE] Certificate strings

Joseph Sutton jsutton at samba.org
Fri Aug 18 02:26:03 UTC 2023

Hi dochelp,

[MS-KILE], “PAC_CLIENT_CLAIMS_INFO Structure”, mentions that 
the KDC should call GetClaimsForPrincipal() to get the claims blob with 
which to populate the PAC_CLIENT_CLAIMS_INFO structure. One of the 
parameters to GetClaimsForPrincipal(), namely 
“pCertificateStringsArray”, comprises “[a] set of Unicode strings”, but 
nothing is said as to how these strings are to be derived from the 
client’s certificate.

Can you outline the procedure by which these strings are formed, and 
perhaps provide an example of such a string?


More information about the cifs-protocol mailing list