|
Posted by on June 28, 2005, 5:02 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Hi,
I have developed a Credential Manager which implements the standard
NPLogonNotify function. In my function I am simply logging the value of
the lpAuthentifoType parameter. It always receives type
"MSV1_0:Interactive" - even for smart card authentication. The
documentation for NPLogonNotify says the following:
---
When Microsoft is the primary authenticator, in other words, when
lpAuthentifoType is "MSV1_0:Interactive" or "Kerberos:Interactive", the
structure used is MSV1_0_INTERACTIVE_LOGON or KERB_INTERACTIVE_LOGON.
---
In my case, Microsoft is the primary authenticator and I have done
everything I can find to do to enable Kerberos authentication - so I
expect to really receive the auth type "Kerberos:Interactive".
I am testing using a client on XP Pro SP2 in the stock configuration,
i.e. MSGina.dll/Winlogon handling authentication. I have tested using a
test smart card as well as manually entering credential in the CAD
dialog (in the form username@mydomain.com). I am authenticating to a
W2003 server (PDC/AD server). Have also tested against W2000 server,
same behavior. There are no cross-realm issues, no time-synch issues, I
have verified certificates, I have ran KerbTray to verify tickets, I
have used various other server resource kit tools - all are happy and
report sanity.
Interestingly, I have turned on Kerberos event logging on the client
and log reports that the Kerberos authentication package successfully
authenticates my test user for an interactive logon session. But alas,
my Credential manager only gets a MSV1_0 logon notification.
Does NPLogonNotify ever receive Kerberos:Interactive logon
notifications? And if so, under what circumstances?
Thanks!
WR
|
| Similar Threads | Posted | | Auth and name resolution over external trust | August 22, 2006, 2:28 pm |
| Auth Users constantly removed from WUAUSERV security descriptor | October 24, 2005, 1:06 pm |
| Re: I receive the same email from "Microsoft Customer Support" ev | November 17, 2007, 8:16 pm |
| I receive the same email from "Microsoft Customer Support" every day! | November 7, 2007, 5:04 am |
| I receive the same email reminding reset password from "microsoft" every day! | November 7, 2007, 5:11 am |
| Is this statement true, gurus? | January 7, 2009, 4:04 am |
| PKY gurus: why it is not necessary to install a cert under "Public | July 23, 2005, 12:16 am |
| Deny interactive login | August 30, 2005, 11:20 am |
| Gurus: server on perimeter vs. corporate advice | August 15, 2005, 11:36 pm |
| Disabling Interactive Logon Against Security Group | August 14, 2006, 6:43 am |
|
XML site map