3.1.5.9 RemoteCallKerbPackApReply
The RemoteCallKerbPackApReply call uses the Kerberos PackApReply message (section 2.2.2.1.9) to take a KRB_AP_REP, EncAPRepPart, and key. The EncAPRepPart is encrypted using the key, then added to the KRB_AP_REP. The resulting Kerberos AP reply is then DER-encoded and returned via an output message. [RFC4120] section 3.2 defines the client/server authentication exchange.
To perform this message exchange, the CredSSP server MUST send a KerbCredIsoRemoteInput object to the CredSSP client. The CallId field MUST be set to RemoteCallKerbPackApReply, and the PackApReply member of the union MUST be populated.
To reply to the preceding input message, the CredSSP client MUST respond with a KerbCredIsoRemoteOutput object. The CallId field MUST be set to RemoteCallKerbPackApReply, and the PackApReply member of the union MUST be populated.