Application Kerberization

[Janos]

Good day (again)! 

The Situation: We have two networking applications on Windows 2000 platform that communicate with each other (they send plaintext messages) via TCP/IP protocol. One of them is the client the other, consequently, is the server. The network security supports MS (yuck!) version of Kerberos. Well I used Leash from standard KfW distribution avaliable on MIT site and found that it can work with the MS version. That is no problem...

The Problem: I had been asked to kerberize the above mentioned two applications (client and server). I used the functions from kclnt32.dll, so the client application can communicate with kerberos server and manage tickets now. The questions now are:

1) How can the client send the key encrypted message to the server? Is it done by a function call, or is it done automaticly by the LSA? Do I need to think about it all during application development? 

2) How does the server respond to the incoming  messages, how does it send back the information to the client to authorizeite itself? (To be simple - where are those functions and their descritions?)

3) Can I find a way to get a detailed programming FAQ for K. under Windows (other than writing it myself)? Or at least I could use some descriptions of functions stored in your DLLs.

Goodbye, with best regards,
J.