IIS Server Security - Re: Authentication using Distinguished name instead of Certificate

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > December 2005 > Re: Authentication using Distinguished name instead of Certificate





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: Authentication using Distinguished name instead of Certificate
Daniel Corbett

2005-12-27, 6:06 pm

LsaLogonUser with KerbS4ULogon set, uses the KERB_S4U_LOGON data structure.
This doesn't even have a field for the password. The point of using this is
to log the user on WITHOUT a password.... With the right set of permissions
I should be able to do this. This is the same thing which is done when the
system receives a certificate. There IS no "password" when you receive a
certificate, why should there be here?

Thanks,

- Daniel

""Yuan Ren[MSFT]"" wrote:

> Hi,
>
> Thanks for your reply!
>
> user but I am now getting this error:"
>
> As far as I know, if you want to use the LsaLogonUser method, you need
> supply a credential to make the method works fine. As MSDN document's
> description like the link below:
> http://msdn.microsoft.com/library/e...logonuser.asp?f
> rame=true
>
> I think the credential information is different with distinguished name in
> Active Directory. The credential information must contain a password which
> has been hashed or encrypted. If you used impersonated token as credential
> information, I think it might not work well.
>
> Could you please give me more details about how to create credential
> information in your application? It'll help me to understand your issue
> clearly.
>
> Regards,
>
> Yuan Ren [MSFT]
> Microsoft Online Support
>
>
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com