3.2.4 Higher-Layer Triggered Events
The application server initiates NTLM authentication through the SSPI.
GSS_Accept_sec_context
The server application calls GSS_Accept_sec_context() to establish a security context with the client. NTLM has no requirements on which flags are used and will simply honor what was requested by the application or protocol. For an example of such a protocol specification, see [MS-RPCE] section 3.3.1.5.2.2. The server application will send the CHALLENGE_MESSAGE (section 2.2.1.2) to the client application.
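Because NTLM only honors the flags the application requested, the NegotiateFlags in the CHALLENGE_MESSAGE show which per-message protections the server is prepared to use. The following added example (not part of this specification) parses the fixed fields of a CHALLENGE_MESSAGE and lists the protections its flags leave out; the function names parse_challenge, audit and build_sample, the audit policy, and the sample message are assumptions constructed for illustration.

```python
import struct

# NegotiateFlags bits used here (a subset of the NEGOTIATE flags).
FLAGS = {"SIGN": 0x00000010, "SEAL": 0x00000020,
         "EXTENDED_SESSIONSECURITY": 0x00080000, "TARGET_INFO": 0x00800000,
         "128": 0x20000000, "KEY_EXCH": 0x40000000, "56": 0x80000000}

def parse_challenge(msg: bytes) -> dict:
    """Parse the fixed fields of a CHALLENGE_MESSAGE and decode NegotiateFlags."""
    if len(msg) < 48:
        raise ValueError("shorter than the fixed CHALLENGE_MESSAGE fields")
    sig, mtype, tn_len, _, tn_off, flags = struct.unpack_from("<8sIHHII", msg, 0)
    if sig != b"NTLMSSP\x00" or mtype != 2:
        raise ValueError("not an NTLM CHALLENGE_MESSAGE")
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)
    # Lengths and offsets are peer-controlled: bounds-check before slicing.
    for length, off in ((tn_len, tn_off), (ti_len, ti_off)):
        if length and (off < 48 or off + length > len(msg)):
            raise ValueError("payload field points outside the message")
    return {"flags": {n for n, bit in FLAGS.items() if flags & bit},
            "server_challenge": msg[24:32],
            "target_name": msg[tn_off:tn_off + tn_len],
            "target_info": msg[ti_off:ti_off + ti_len]}

def audit(parsed: dict) -> list:
    """Hypothetical policy check: list protections missing from the flags."""
    f, findings = parsed["flags"], []
    if "SIGN" not in f:
        findings.append("SIGN not set: no message integrity")
    if "SEAL" not in f:
        findings.append("SEAL not set: no message confidentiality")
    if "EXTENDED_SESSIONSECURITY" not in f:
        findings.append("extended session security not set")
    if "SEAL" in f and "128" not in f:
        findings.append("SEAL without 128-bit session key")
    return findings

def build_sample(flags: int) -> bytes:
    """Constructed CHALLENGE_MESSAGE for the demo, not a captured one."""
    name, info = "SRV".encode("utf-16-le"), b"\x00" * 4  # AV_PAIR list: MsvAvEOL only
    head = struct.pack("<8sIHHII8s8sHHI8s", b"NTLMSSP\x00", 2, len(name), len(name),
                       56, flags, bytes(range(8)), b"\x00" * 8,
                       len(info), len(info), 56 + len(name), b"\x00" * 8)
    return head + name + info

if __name__ == "__main__":
    weak = parse_challenge(build_sample(FLAGS["TARGET_INFO"]))
    print(sorted(weak["flags"]), audit(weak))
```

The flags that finally apply to the security context are those echoed in the client's AUTHENTICATE_MESSAGE, so the same decoding should be applied there before relying on signing or sealing.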
GSS_Wrap
After the security context is established, the server application can call GSS_WrapEx() (section 3.4.6) to encrypt messages.
GSS_Unwrap
Once the security context is established, the server application can call GSS_UnwrapEx() (section 3.4.7) to decrypt messages that were encrypted by GSS_WrapEx().
GSS_GetMIC
Once the security context is established, the server application can call GSS_GetMICEx() (section 3.4.8) to sign messages, producing an NTLMSSP_MESSAGE_SIGNATURE structure whose fields are defined in section 2.2.2.9.
GSS_VerifyMIC
Once the security context is established, the server application can call GSS_VerifyMICEx() (section 3.4.9) to verify a signature produced by GSS_GetMICEx().