"LsaLogonUser" method to log a user on to the local computer using Kerberos ticket

From: MADHUKAR ROCKER <earthlyhero@xxxxxxxxx>
Date: 16 May 2007 22:58:36 -0700

Hello,

In windows we have "LogonUser" function which attempts to log a user
on to the local computer.
We specify the user with a user name and domain and authenticate the
user with a plaintext password.
If the function succeeds, you receive a handle to a token that
represents the logged-on user.
You can then use this token handle to impersonate the specified
user.

Is there any Windows API to LogonUser/impersonate user using Kerberos
ticket without providing password?
This is required for Single Sign-on feature.

I came across one Windows API "LsaLogonUser" which takes Kerberos
ticket.
But i am not sure whether this is the right API to use.

Can i use "LsaLogonUser" method to log a user on to the local computer
using Kerberos ticket?

Does anyone have sample code for "LsaLogonUser" method?

Thanks
MADHUKAR

.

Follow-Ups:
- Re: "LsaLogonUser" method to log a user on to the local computer using Kerberos ticket
  - From: DaveMo

Prev by Date: RE: custom privileges
Next by Date: Re: Importing a x509 certificate with only a public key
Previous by thread: custom privileges
Next by thread: Re: "LsaLogonUser" method to log a user on to the local computer using Kerberos ticket
Index(es):
- Date
- Thread

Relevant Pages

Re: ASM objects?
... > Mind explaining what Borland's OWL is about? ... "Microsoft" is written multiple times on the Windows loading screen (it ... endianness thereafter... ... smart to specify and when it's actually far, ...
(alt.lang.asm)
Re: impersonation in vb.net
... As the documentation for LogonUser states, ... (act as part of the operating system) ... under Windows 2000. ... Public Declare Auto Function CloseHandle Lib "kernel32.dll" _ ...
(microsoft.public.dotnet.security)
Re: Recycle Bin Error.
... In My Computer or Windows Explorer, right-click the volume you want to ... [[The disk check could not be performed because the disk check utility needs ... You have to reboot for Error-checking to run. ... Specify a different file name. ...
(microsoft.public.windowsxp.help_and_support)
Re: Rip audio from USB CD device?
... Specify GENERIC_READ in CreateFile. ... In Windows 2000, Windows Media Player uses cdral.dll for CD recording, ... > with administrator rights and no other process can use the device, ... > accessing the same CD device and not using third party drivers/software. ...
(microsoft.public.win32.programmer.mmedia)
Re: adding new user
... That is not normal and would not have anything to do with the Windows ... /R user Revoke specified user's access rights. ... Wildcards can be used to specify more that one file in a command. ... CI - Container Inherit. ...
(microsoft.public.windowsxp.security_admin)