The AV_PAIR structure defines an attribute/value pair. Sequences of AV_PAIR structures are used in the CHALLENGE_MESSAGE (section 184.108.40.206) directly. They are also in the AUTHENTICATE_MESSAGE (section 220.127.116.11) via the NTLMv2_CLIENT_CHALLENGE (section 18.104.22.168) structure.
Although the following figure suggests that the most significant bit (MSB) of AvId is aligned with the MSB of a 32-bit word, an AV_PAIR can be aligned on any byte boundary and can be 4+N bytes long for arbitrary N (N = the contents of AvLen).
AvId (2 bytes): A 16-bit unsigned integer that defines the information type in the Value field. The contents of this field MUST be one of the values from the following table. The corresponding Value field in this AV_PAIR MUST contain the information specified in the description of that AvId.
Indicates that this is the last AV_PAIR in the list. AvLen MUST be 0. This type of information MUST be present in the AV pair list.
The server's NetBIOS computer name. The name MUST be in Unicode, and is not null-terminated. This type of information MUST be present in the AV_pair list.
The server's NetBIOS domain name. The name MUST be in Unicode, and is not null-terminated. This type of information MUST be present in the AV_pair list.
The fully qualified domain name (FQDN) of the computer. The name MUST be in Unicode, and is not null-terminated.
The FQDN of the domain. The name MUST be in Unicode, and is not null-terminated.
A 32-bit value indicating server or client configuration.
0x00000001: Indicates to the client that the account authentication is constrained.
0x00000002: Indicates that the client is providing message integrity in the MIC field (section 22.214.171.124) in the AUTHENTICATE_MESSAGE.<13>
0x00000004: Indicates that the client is providing a target SPN generated from an untrusted source.<14>
The SPN of the target server. The name MUST be in Unicode and is not null-terminated.<17>
A channel bindings hash. The Value field contains an MD5 hash ([RFC4121] section 126.96.36.199) of a gss_channel_bindings_struct ([RFC2744] section 3.11). An all-zero value of the hash is used to indicate absence of channel bindings.<18>
AvLen (2 bytes): A 16-bit unsigned integer that defines the length, in bytes, of the Value field.
Value (variable): A variable-length byte-array that contains the value defined for this AV pair entry. The contents of this field depend on the type expressed in the AvId field. The available types and resulting format and contents of this field are specified in the table within the AvId field description in this topic.
When AV pairs are specified, MsvAvEOL MUST be the last item specified. All other AV pairs, if present, can be specified in any order.