handling of kerberos error in w2k
Lara Adianto
m1r4cle_26 at yahoo.com
Mon Jun 21 21:37:27 EDT 2004
>When KDC_ERR_PREAUTH_REQUIRED is returned by the KDC,
>the client will examine the KRB_ERROR data to
determine
>if the client understands the desired type of
>pre-authentication
>data which is required. If it does, it will simply
>return the
>necessary information. If it does and requires user
>input
>the Kerberos SSP/AP will prompt the user for the
>necessary
>input. If the required pre-auth data cannot be
>provided the
>Kerberos SSP/AP will return a failure code to the LSA
>which
>in turn will log to the event log.
>Jeffrey Altman
thanks for the reply jeffrey,
you mean it's the SSP who will prompt the user for
input, and not the GINA ? Do you happen to know the
name of the function which does that ? I can't find
any in
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/authentication_functions.asp,
I thought that SSP is supposed to tell GINA, so that
GINA can invoke WlxDisplayStatusMessage or
WlxMessageBox ?
lara
=====
------------------------------------------------------------------------------------
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
- Guy de Maupassant -
------------------------------------------------------------------------------------
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
More information about the Kerberos
mailing list