Share via

3.1.5.6 RemoteCallKerbUnpackKdcReplyBody

  • Article

The RemoteCallKerbUnpackKdcReplyBody call uses the Kerberos UnpackKdcReplyBody message (section 2.2.2.1.6) to decrypt the encrypted part of a KRB_KDC_REP message ([RFC4120] section 5.4.2). The type of reply indicated by the PDU MUST be zero. The KeyUsage field allows the caller to specify either the AS_REP (3) or TGS_REP (8) key derivation types.<5>

To perform this message exchange, the CredSSP server MUST send a KerbCredIsoRemoteInput object to the CredSSP client. The CallId field MUST be set to RemoteCallKerbUnpackKdcReplyBody, and the UnpackKdcReplyBody member of the union MUST be populated.

To reply to the preceding input message, the CredSSP client MUST respond with a KerbCredIsoRemoteOutput object. The CallId field MUST be set to RemoteCallKerbUnpackKdcReplyBody, and the UnpackKdcReplyBody member of the union MUST be populated.