188.8.131.52.3 Generating a Return NL_AUTH_MESSAGE Token
Upon successful verification and extraction of data from the initial token, the server verifies that a successful session-key negotiation has occurred by the presence of the Session-Key data item for the client. If no negotiation has occurred, the server MUST return SEC_E_INVALID_TOKEN (0x80090308) indicating that an invalid token has been received.
The server generates a return NL_AUTH_MESSAGE (section 184.108.40.206.1) token. The MessageType MUST be set to 1 to indicate that this is a Negotiate response message type, the Flags field is set to zero, the Buffer field contains a NULL character, and the NL_AUTH_MESSAGE token MUST be padded to 12 bytes in length.
The return NL_AUTH_MESSAGE token is then sent back to the client along with any additional application-specific data.