Re: LsaLogonUser - access to network resources
- From: "Richard Ward" <richardw@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 9 Dec 2005 23:35:43 -0800
S4U is designed to give you a local token that matches one that
would have been created had the user done kerberos auth to your
service. It is still constrained by the presence of credentials. If you
are not trusted for delegation, why do you think that you should be
able to go anywhere else on the network?
"Christine_kh" <Christinekh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:415E4F6D-FF17-4527-883F-97DB6DB8FF19@xxxxxxxxxxxxxxxx
> Hi All,
>
> I used S4U auth and LsaLogonUser() function to receives the new user
> access
> token for client session and it works but it seems that using Network
> logon
> type logged domain user cannot get access to domain network resources - is
> it
> known issue and done "by security design" or exist any other way how to
> solve
> this problem. I tried to change Network logon type on Interactive and
> function returned code 1367 (ERROR_INVALID_LOGON_TYPE) . I tried to use
> LogonUser instead and Interactive logon type - it gave to user access to
> network resources, but I'd like to get the same behavior for LsaLogonUser,
> but I cannot ;(. Any help is very appreciated :)
>
> --Christine
.
- Prev by Date: Re: Extracing X509 Certificate data from the Certificate Strore
- Next by Date: Re: Using Security Descriptors as containers for SIDs
- Previous by thread: certificate validity at a given date time stamp
- Next by thread: Re: LsaLogonUser - access to network resources
- Index(es):
Relevant Pages
|
