handling of kerberos error in w2k

Lara Adianto m1r4cle_26 at yahoo.com
Mon Jun 21 21:37:27 EDT 2004

>When KDC_ERR_PREAUTH_REQUIRED is returned by the KDC,
>the client will examine the KRB_ERROR data to
>if the client understands the desired type of
>data which is required.  If it does, it will simply
>return the
>necessary information.  If it does and requires user
>the Kerberos SSP/AP will prompt the user for the
>input.  If the required pre-auth data cannot be
>provided the
>Kerberos SSP/AP will return a failure code to the LSA
>in turn will log to the event log.

>Jeffrey Altman

thanks for the reply jeffrey,

you mean it's the SSP who will prompt the user for
input, and not the GINA ? Do you happen to know the
name of the function which does that ? I can't find
any in 
I thought that SSP is supposed to tell GINA, so that
GINA can invoke WlxDisplayStatusMessage or
WlxMessageBox ?


La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
                                                                        - Guy de Maupassant -

Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.

More information about the Kerberos mailing list