Export (0) Print
Expand All

3.1.5.1.1.2 Using the User's Certificate to Identify the User

If Service 1 has the user certificate, it SHOULD present the certificate to the domain controller (DC) to identify the user.<11> To locate the user account object if the user's name is not available, Service 1 MUST send a KRB_AS_REQ message to its KDC with a PA_S4U_X509_USER (ID 130) padata that contains the client's X509 certificate encoded in ASN.1, as specified in [RFC3280].

 
Show:
© 2015 Microsoft