handling of kerberos error in win2k

Mon Jun 21 03:01:35 EDT 2004

Hi,

I'm experimenting with MIT KDC and windows 2000 as the
client that authenticates to MIT KDC, and I might need
to replace the GINA in the windows client in order to
achieve what I want. 

Does anybody know, in windows 2000, who (LSA, GINA,
SSP) handles the following issue and how it is handled
?
1. If the authentication is failed because MIT KDC
returns KDC_ERR_PREAUTH_REQUIRED or
KDC_ERR_KEY_EXPIRED, how does the SSP (I believe it's
SSP who captured this error from KDC) tell the GINA
about the failed login ? Will SSP tell GINA the exact
error message (KDC_ERR_PREAUTH_REQUIRED or
KDC_ERR_KEY_EXPIRED) or will SSP return another type
of error code or even a general error code (in this
case GINA is not aware of what caused the error) ?

2. who (GINA, LSA,...) logs the error to event viewer
?

This might not be the right forum to discuss it, but
I'm not sure to which mailing list I can address this
issue 

thank you,
lara

=====
------------------------------------------------------------------------------------ 
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
                                                                        - Guy de Maupassant -
------------------------------------------------------------------------------------

__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 