handling of kerberos error in w2k

Lara Adianto m1r4cle_26 at yahoo.com
Mon Jun 21 21:37:27 EDT 2004


>When KDC_ERR_PREAUTH_REQUIRED is returned by the KDC,
>the client will examine the KRB_ERROR data to
determine
>if the client understands the desired type of
>pre-authentication
>data which is required.  If it does, it will simply
>return the
>necessary information.  If it does and requires user
>input
>the Kerberos SSP/AP will prompt the user for the
>necessary
>input.  If the required pre-auth data cannot be
>provided the
>Kerberos SSP/AP will return a failure code to the LSA
>which
>in turn will log to the event log.

>Jeffrey Altman

thanks for the reply jeffrey,

you mean it's the SSP who will prompt the user for
input, and not the GINA ? Do you happen to know the
name of the function which does that ? I can't find
any in 
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/authentication_functions.asp,
I thought that SSP is supposed to tell GINA, so that
GINA can invoke WlxDisplayStatusMessage or
WlxMessageBox ?

lara

=====
------------------------------------------------------------------------------------ 
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
                                                                        - Guy de Maupassant -
------------------------------------------------------------------------------------


		
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail


More information about the Kerberos mailing list