3.1.1.1 Variables Internal to the Protocol

ClientConfigFlags: The set of client configuration flags (section 2.2.2.5) that specify the full set of capabilities of the client.

ExportedSessionKey: A 128-bit (16-byte) session key used to derive ClientSigningKey, ClientSealingKey, ServerSealingKey, and ServerSigningKey.

NegFlg: The set of configuration flags (section 2.2.2.5) that specifies the negotiated capabilities of the client and server for the current NTLM session.

User: A string that indicates the name of the user.

UserDom: A string that indicates the name of the user's domain.

The following NTLM configuration variables are internal to the client and impact all authenticated sessions:

NoLMResponseNTLMv1: A Boolean setting that SHOULD<35> control using the NTLM response for the LM response to the server challenge when NTLMv1 authentication is used. The default value of this state variable is TRUE.

ClientBlocked: A Boolean setting that SHOULD<36> disable the client from sending NTLM authenticate messages, as defined in section 2.2.1.3. The default value of this state variable is FALSE.

ClientBlockExceptions: A list of server names that SHOULD<37> use NTLM authentication. The default value of this state variable is NULL.

ClientRequire128bitEncryption: A Boolean setting that requires the client to use 128-bit encryption.<38>

The following variables are internal to the client and are maintained for the entire length of the authenticated session:

MaxLifetime: An integer that indicates the maximum lifetime for challenge/response pairs.<39>

ClientSigningKey: The signing key used by the client to sign messages and used by the server to verify signed client messages. It is generated after the client is authenticated by the server and is not passed over the wire.

ClientSealingKey: The sealing key used by the client to seal messages and used by the server to unseal client messages. It is generated after the client is authenticated by the server and is not passed over the wire.

SeqNum: A 4-byte sequence number (section 3.4.4).

ServerSealingKey: The sealing key used by the server to seal messages and used by the client to unseal server messages. It is generated after the client is authenticated by the server and is not passed over the wire.

ServerSigningKey: The signing key used by the server to sign messages and used by the client to verify signed server messages. It is generated after the client is authenticated by the server and is not passed over the wire.
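The following is an added example, not text from the specification section above: a Python sketch of how the four per-session keys are derived from ExportedSessionKey and NegFlg, following the NTLM specification's SIGNKEY and SEALKEY functions for the extended-session-security case only. The function name `derive_session_keys`, the `MAGIC` table name, and the sample key are assumptions made for illustration. It shows why ClientRequire128bitEncryption matters: without the 128-bit flag, the sealing keys are derived from only 7 or 5 bytes of the session key.

```python
import hashlib

# NegFlg bits that affect key derivation.
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000
NTLMSSP_NEGOTIATE_128 = 0x20000000
NTLMSSP_NEGOTIATE_56 = 0x80000000

# Per-direction, per-purpose constants; each includes its terminating NUL.
MAGIC = {
    "ClientSigningKey": b"session key to client-to-server signing key magic constant\x00",
    "ServerSigningKey": b"session key to server-to-client signing key magic constant\x00",
    "ClientSealingKey": b"session key to client-to-server sealing key magic constant\x00",
    "ServerSealingKey": b"session key to server-to-client sealing key magic constant\x00",
}


def derive_session_keys(exported_session_key: bytes, neg_flg: int) -> dict:
    """Derive the four session keys (extended session security only)."""
    if len(exported_session_key) != 16:
        raise ValueError("ExportedSessionKey must be 128 bits (16 bytes)")
    if not neg_flg & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
        raise ValueError("this sketch covers only extended session security")

    # Sealing keys use a truncated base unless 128-bit was negotiated.
    if neg_flg & NTLMSSP_NEGOTIATE_128:
        seal_base = exported_session_key        # full 128 bits
    elif neg_flg & NTLMSSP_NEGOTIATE_56:
        seal_base = exported_session_key[:7]    # 56 bits
    else:
        seal_base = exported_session_key[:5]    # 40 bits

    keys = {}
    for name, magic in MAGIC.items():
        # Signing keys always use the full ExportedSessionKey.
        base = seal_base if "Sealing" in name else exported_session_key
        keys[name] = hashlib.md5(base + magic).digest()
    return keys


if __name__ == "__main__":
    esk = bytes(range(16))  # constructed sample key, not a real session key
    flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY | NTLMSSP_NEGOTIATE_128
    for name, key in derive_session_keys(esk, flags).items():
        print(f"{name}: {key.hex()}")
```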