22.214.171.124.1 Verifying Responses with Sub-Authentication Packages
The request to verify by a sub-authentication package is indicated by the ParameterControl field of the LogonInformation parameter.<26>
An example of sub-authentication package usage occurs with remote access authentications using the CHAP ([RFC1994]) method. In such cases, response computation of a MD5 hash value ([RFC1994]) is used instead of NTOWF.
Using the NRPC generic pass-through ([MS-NRPC] section 126.96.36.199) MAY result in invoking a custom sub-authentication package at the DC, per the indication of the ParameterControl field of the LogonInformation parameter. In this case, such a sub-authentication package MUST serve as a custom response verification instead of using the method specified by section 3.3 of [MS-NLMP]. For more information about this sub-authentication package, see [MSDN-0SUBAUTHROUTINE9].