Re: Disable PIN prompt in Smart Card Logon

From: Ivailo Petrov (ipetrov_at_san.rr.com)
Date: 06/07/05

• Next message: Sam Hobbs: "Re: Enumerating current login windows from LocalSystem"
• Previous message: lelteto: "RE: AT_SIGNATURE and AT_KEYEXCHANGE"
• In reply to: Andrea Cogliati: "Re: Disable PIN prompt in Smart Card Logon"
• Next in thread: Andrea Cogliati: "Re: Disable PIN prompt in Smart Card Logon"
• Reply: Andrea Cogliati: "Re: Disable PIN prompt in Smart Card Logon"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 07 Jun 2005 15:18:42 GMT

Andrea,

SC logon is integral part of Winlogon in a sense that Winlogon does the
hard job of handling the insertion/removal and reads the card.
On SC insert SAS Gina prompts for a PIN and queries Winlogon for the SC
content. Having the authentication info (SC/PIN or User/Pwd) Gina should
call LsaLogonUser with appropriate structure (in the case of SC
KERB_SMART_CARD_LOGON).

Where do you match the Biometrics? If you do it on the client machine
there is an easier solution - Gina hook.

Ivailo

Andrea Cogliati wrote:
>>From: Ivailo Petrov <ipetrov@san.rr.com>
>>
>>Winlogon does not prompt the user for SC PIN. It notifies (by a SAS)
>>Gina that a SC is inserted and then Gina prompts the user.
>
>
> Ivailo,
>
> I'm a bit confused. From several threads in the past (answered by Eric
> Perlin, mostly) I understand that Smart Card Logon is an integral part of
> Winlogon, including PIN prompt. Anyway, I haven't found a definitive
> documentation about this.
>
> Anyway, assuming I can get the user's PIN in my GINA, then I should call
> LsaLogonUser with (once undocumented) KERB_SMART_CARD_LOGON structure and
> I'm finished, ain't I?
>
> Andrea
>

---

• Next message: Sam Hobbs: "Re: Enumerating current login windows from LocalSystem"
• Previous message: lelteto: "RE: AT_SIGNATURE and AT_KEYEXCHANGE"
• In reply to: Andrea Cogliati: "Re: Disable PIN prompt in Smart Card Logon"
• Next in thread: Andrea Cogliati: "Re: Disable PIN prompt in Smart Card Logon"
• Reply: Andrea Cogliati: "Re: Disable PIN prompt in Smart Card Logon"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Disable PIN prompt in Smart Card Logon ... > Gina that a SC is inserted and then Gina prompts the user. ... Winlogon, including PIN prompt. ... (microsoft.public.platformsdk.security) Re: Smart-Card SAS under WinXP (stand-alone) ... Winlogon to our GINA also for stand alone Windows XP systems. ... monitoring thread will be running also for standalone systems. ... Smart-Card SAS under WinXP ... (microsoft.public.platformsdk.security) RE: detailed GINA problem ... and network providers are the components of the interactive logon model. ... The interactive logon procedure is normally controlled by Winlogon, ... To work with Winlogon, the GINA, and network providers, you should have ... (microsoft.public.platformsdk.security) RE: WlxGetConsoleSwitchCredentials, ReconnectNotify, DisconnectNotify ... So if you don't plan do extra actions, ... to msgina.dll will be fine for our gina. ... For code sample, you may reference ... it is the one you returned when winlogon calling WlxInitialize, ... (microsoft.public.platformsdk.security) Re: When does WinLogon load a new GINA? ... WlxInitialize returns TRUE and WlxNegotiate returns level ... WlxInitialize is NOT called when the new GINA ... all state information can be kept in global variables. ... to WinLogon via WlxInitialize? ... (microsoft.public.platformsdk.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.platformsdk.security  > 2005-06