2.2.2.1.2 BuildAsReqAuthenticator
The BuildAsReqAuthenticator structure is used to create an AS_REQ message authenticator for inclusion in a KRB_AS_REQ message to the KDC [RFC4120].
When populating this field of the KerbCredIsoRemoteInput structure, the CallId field MUST be set to RemoteCallKerbBuildAsReqAuthenticator.
-
struct { KERB_RPC_ENCRYPTION_KEY* EncryptionKey; KERB_RPC_ENCRYPTION_KEY* ArmorKey; // optional PLARGE_INTEGER TimeSkew; } BuildAsReqAuthenticator;
EncryptionKey: A KERB_RPC_ENCRYPTION_KEY structure (section 2.2.1.2.8) that contains the Kerberos key used to protect the Key Distribution Center (KDC) reply.
ArmorKey: Optional. A KERB_RPC_ENCRYPTION_KEY structure (section 2.2.1.2.8) that contains the FAST armor key. Specify only when an EncryptedChallenge padata-value ([RFC4120]) is needed in the request. When specified, the ArmorKey is combined with the EncryptionKey to derive a FAST challenge key. See [RFC6113] section 5.4.6.
TimeSkew: A LARGE_INTEGER ([MS-DTYP] section 2.3.5) that contains the adjustment to be applied to local system time. This is used to bring the encrypted authenticator in sync with the KDC time.
When populating this field of the KerbCredIsoRemoteOutput structure, the CallId field MUST be set to RemoteCallKerbBuildAsReqAuthenticator.
-
struct { LONG PreauthDataType; KERB_RPC_OCTET_STRING PreauthData; } BuildAsReqAuthenticator;
PreauthDataType: A LONG ([MS-DTYP] section 2.2.27) that contains the padata-type of the PreauthData. See [RFC4120], section 5.2.7.
PreauthData: A KERB_RPC_OCTET_STRING structure (section 2.2.1.2.2) that contains the padata-value to be included in the KRB_AS_REQ message ([RFC4120]).