3 Protocol Details

The Remote Certificate Mapping Protocol utilizes the generic pass-through mechanism, as specified in [MS-NRPC] section, using the Microsoft Unified Security Protocol Provider. The exchanged messages are SSL_CERT_LOGON_REQ and SSL_CERT_LOGON_RESP. When the account is found, the associated authorization data (for example, group memberships) is encoded as a PAC, as specified in [MS-PAC], and sent back to the Remote Certificate Mapping Protocol client. If no matching account is found, an error is returned to the client, as specified in section 3.5.2.