3.1.5.2.1 Verifying Responses with Sub-Authentication Packages

The request to verify by a subauthentication package SHOULD<24> be indicated by the ParameterControl field of the LogonInformation parameter.

An example of subauthentication package usage occurs with remote access authentications using the CHAP ([RFC1994]) method. In such cases, response computation of a MD5 hash value ([RFC1994]) is used instead of NTOWF.

Using the NRPC generic pass-through ([MS-NRPC] section 3.2.4.1) can result in invoking a custom subauthentication package at the DC, per the indication of the ParameterControl field of the LogonInformation parameter. In this case, such a subauthentication package MUST serve as a custom response verification instead of using the method specified by section 3.3 of [MS-NLMP]. For more information about this subauthentication package, see [MSDN-0SUBAUTHROUTINE9].

Show: