Re: Does LsaLogonUser support local users?
From: Valery Pryamikov (Valery_at_nospam.harper.no)
Date: 04/29/04
- Next message: Sahil: "Certificate Policies in CAPICOM"
- Previous message: Richard Ward: "Re: Does LsaLogonUser support local users?"
- In reply to: paul yang: "Does LsaLogonUser support local users?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Apr 2004 08:55:10 +0200
Hi,
KERB_S4U_LOGON is a special logon type that requires W2K3 AD (on W2K3
functional level) and therefore this type logon is not supported for users
that is not part of W2K3 AD. Other types of kerberos logon also require AD
(kerbInteractiveLogon, kerbSmartCardLogon, ...), however work with AD of W2K
functional level.
Non-kerberos logon types (interactive, network, batch, service...) could be
used with local users.
-Valery.
"paul yang" <pyang@rsasecurity.com> wrote in message
news:458f5504.0404281659.38ff1844@posting.google.com...
> Hi,
>
> I wonder if I can pass a local user instead of a domain to
> LsalogonUser and get a token back?
>
> I noticed that the KERB_S4U_LOGON structure requires a username in UPN
> format, but local users don't have UPN available. So LsaLogonUser
> might not be used for local users.
>
> Does anyone have a definite answer for this?
>
> Thanks.
>
> Paul
- Next message: Sahil: "Certificate Policies in CAPICOM"
- Previous message: Richard Ward: "Re: Does LsaLogonUser support local users?"
- In reply to: paul yang: "Does LsaLogonUser support local users?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
