Re: InitializeSecurityContext on NT 4

From: Richard Ward (richardw_at_delete-yellow-dogs.com)
Date: 12/13/03

    Date: Fri, 12 Dec 2003 22:10:02 -0800
    
    

    "Rauno Uusitalo" <rauno.uusitalo@no_spam.fi> wrote in message
    news:eU9HXo$vDHA.2072@TK2MSFTNGP10.phx.gbl...
    >I am (was) passing ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_USE_SUPPLIED_CREDS |
    > ISC_REQ_MUTUAL_AUTH. Seems that neither ISC_REQ_ALLOCATE_MEMORY nor
    > ISC_REQ_USE_SUPPLIED_CREDS can be used on NT4. Removing those made the
    > function work. But even without the ISC_REQ_USE_SUPPLIED_CREDS the
    > authentication seems to be done according to the user credentials supplied
    > (in the AcquireCredentialsHandle call). So what is the purpose of
    > ISC_REQ_USE_SUPPLIED_CREDS? Or is it a default on NT4 and functioning only
    > in later operating systems?

    ISC_REQ_ALLOCATE_MEMORY should work on NT4, but I don't have an NT4 machine
    handy to try it. NTLM can't perform mutual authentication, so it should be
    rejecting the ISC_REQ_MUTUAL_AUTH flag on NT4. ISC_REQ_USE_SUPPLIED_CREDS is
    a remnant, and you should probably ignore it for now.

    > The AcquireCredentialsHandle call is also puzzling. At least in Windows
    > 2000 and XP the way of specifying the credentials (for the SPNEGO) goes
    > through a SEC_WINNT_AUTH_IDENTITY_EX structure. The SEC_WINNT_AUTH_IDENTITY
    > won't work. On the NT4 it is vice versa. Only the SEC_WINNT_AUTH_IDENTITY
    > works. Is it so that each SSP needs its own structure?

    SEC_WINNT_AUTH_IDENTITY_EX was introduced in Windows 2000, so it
    makes sense that NT4 doesn't understand it. However, the packages should
    all work with the non-EX version on Windows 2000 and later, so long as the
    fields are all initialized. How are you filling in the structure?
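
One way to fill the non-EX structure so that every field is initialized, as an added example that is not part of the original post. The names `slen`, `fill_identity` and `acquire_creds` are hypothetical, and the struct in the non-Windows branch is a stand-in mirroring the `sspi.h` layout so the fill logic compiles off Windows.

```c
#include <string.h>

#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <security.h>            /* link with secur32.lib */
#else
/* Stand-in declarations (mirroring sspi.h) for compiling off Windows. */
#define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
typedef struct {
    unsigned char *User;     unsigned long UserLength;
    unsigned char *Domain;   unsigned long DomainLength;
    unsigned char *Password; unsigned long PasswordLength;
    unsigned long  Flags;
} SEC_WINNT_AUTH_IDENTITY_A;
#endif

/* Length in characters, without the terminating NUL; 0 for a NULL string. */
static unsigned long slen(const char *s)
{
    return s ? (unsigned long)strlen(s) : 0;
}

/* Fill every field: zero first so nothing holds stale stack data, then set
 * each pointer with its matching length, and say which encoding is used. */
void fill_identity(SEC_WINNT_AUTH_IDENTITY_A *id, const char *user,
                   const char *domain, const char *password)
{
    memset(id, 0, sizeof *id);
    id->User           = (unsigned char *)user;
    id->UserLength     = slen(user);
    id->Domain         = (unsigned char *)domain;
    id->DomainLength   = slen(domain);
    id->Password       = (unsigned char *)password;
    id->PasswordLength = slen(password);
    id->Flags          = SEC_WINNT_AUTH_IDENTITY_ANSI;
}

#ifdef _WIN32
/* Outbound credentials handle for a package such as "NTLM" or "Negotiate". */
SECURITY_STATUS acquire_creds(char *package, SEC_WINNT_AUTH_IDENTITY_A *id,
                              CredHandle *cred)
{
    TimeStamp expiry;
    return AcquireCredentialsHandleA(NULL, package, SECPKG_CRED_OUTBOUND,
                                     NULL, id, NULL, NULL, cred, &expiry);
}
#endif
```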

