3.1.5.4 RemoteCallKerbCreateApReqAuthenticator

The RemoteCallKerbCreateApReqAuthenticator call uses the Kerberos CreateApReqAuthenticator message (section 2.2.2.1.4) to process a message exchange that creates an authenticator for inclusion in a KRB_AP_REQ message ([RFC4120] section 5.5.1).

To perform this message exchange, the CredSSP server MUST send a KerbCredIsoRemoteInput object to the CredSSP client. The CallId field MUST be set to RemoteCallKerbCreateApReqAuthenticator, and the CreateApReqAuthenticator member of the union MUST be populated.

To reply to the preceding input message, the CredSSP client MUST respond with a KerbCredIsoRemoteOutput object. The CallId field MUST be set to RemoteCallKerbCreateApReqAuthenticator, and the CreateApReqAuthenticator member of the union MUST be populated.