2.2.2.1.2 BuildAsReqAuthenticator

When populating this field of the KerbCredIsoRemoteInput structure, the CallId field MUST be set to RemoteCallKerbBuildAsReqAuthenticator.

 struct
 {
     KERB_RPC_ENCRYPTION_KEY* EncryptionKey;
     KERB_RPC_ENCRYPTION_KEY* ArmorKey; // optional
     PLARGE_INTEGER TimeSkew;
 } BuildAsReqAuthenticator;

EncryptionKey: The Kerberos key used to protect the Key Distribution Center (KDC) reply.

ArmorKey: An optional FAST armor key. Specify only when an EncryptedChallenge padata-value is needed in the request. When specified, the ArmorKey is combined with the EncryptionKey to derive a FAST challenge key. See [RFC6113] section 5.4.6.

TimeSkew: Adjustment to be applied to local system time. This is used to bring the encrypted authenticator in sync with the KDC time.

When populating this field of the KerbCredIsoRemoteOutput structure, the CallId field MUST be set to RemoteCallKerbBuildAsReqAuthenticator.

 struct
 {
     LONG PreauthDataType;
     KERB_RPC_OCTET_STRING PreauthData;
 } BuildAsReqAuthenticator;

PreauthDataType: The padata-type of the PreauthData. See [RFC4120], section 5.2.7.

PreauthData: The padata-value to be included in the KRB_AS_REQ message.