RE: User Password History
From: Denis Galiana (denis.galiana_at_nospam.nospam)
Date: 01/27/05
- Previous message: Phoebe: "patch info for advapi32.dll in win2k sp4"
- In reply to: Rhett Gong [MSFT]: "RE: User Password History"
- Next in thread: Rhett Gong [MSFT]: "RE: User Password History"
- Reply: Rhett Gong [MSFT]: "RE: User Password History"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Jan 2005 02:59:01 -0800
Hi Rhett,
What I want to do exactly is encrypt a secret data in the user session
(stored in a AD attribute, for instance), so only him can decrypt it.
Todays, I have a solution : I derive a key from the user password; I get the
user password (and its changes, if done by the user, ie, not forced by the
admin) according to a GINA stub that provides me the user password (and the
old one, when it has changed).
This has some drawbacks : when the user changes his password on a PC that do
not have the stub or if the admin forces the user password, the user cannot
decipher the secret data.
So, I've found that DPAPI solved my problems, but it stores data in the user
profile, requiring roaming profile for mobile users.
If I could find a way to do the same without anything in the user profile
and without a GINA stub, I would be very pleased.
Best Regards,
Denis Galiana
- Previous message: Phoebe: "patch info for advapi32.dll in win2k sp4"
- In reply to: Rhett Gong [MSFT]: "RE: User Password History"
- Next in thread: Rhett Gong [MSFT]: "RE: User Password History"
- Reply: Rhett Gong [MSFT]: "RE: User Password History"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
