Re: "LsaLogonUser" method to log a user on to the local computer using Kerberos ticket

From: MADHUKAR ROCKER <earthlyhero@xxxxxxxxx>
Date: 21 May 2007 04:50:30 -0700

Hi Dave,

Thanks for your reply.
I already have kerberos ticket. I am getting Kerberos ticket of user
from user's browser.
Browser has the capability to send Kerberos ticket to server.
On server side, i need to logon user using this kerberos ticket and
impersonate user using
output generated by LsaLogonUser.
According to my understanding, we need to use KERB_TICKET_LOGON in
LsaLogonUser function.
We can pass Kerberos ticket to KERB_TICKET_LOGON structure.

Is this the right approach to logon user using kerberos ticket
(assuming that i already have kerberos ticket and no need to generate
using KERB_S4U_LOGON ) ?
Do you have any example on usage of KERB_TICKET_LOGON in LsaLogonUser
function?

Thanks
MADHUKAR

.

References:
- "LsaLogonUser" method to log a user on to the local computer using Kerberos ticket
  - From: MADHUKAR ROCKER
- Re: "LsaLogonUser" method to log a user on to the local computer using Kerberos ticket
  - From: DaveMo

Prev by Date: Need example on usage of KERB_TICKET_LOGON with LsaLogonUser function
Next by Date: RpcImpersonateClient for local RPC
Previous by thread: Re: "LsaLogonUser" method to log a user on to the local computer using Kerberos ticket
Next by thread: Re: How to encrypt data with given key and IV
Index(es):
- Date
- Thread

Relevant Pages

Re: Authenticating LDAP connection with current windows users credentials?
... java installation can properly read your kerberos ticket. ... You may want to make sure that the kerberos server it uses is the right server all the time. ... If you are specifying an IP address that will mitigate those issues. ...
(comp.lang.java.programmer)
Re: Netdiags error with Kerberos.....Need some guidance.
... I have seen that error when running netdiag and everything worked fine as ... > get ready to do an in-place upgrade on my Exchange server. ... > computer_name$ kind of Kerberos ticket. ... > user credentials or computer credentials in an encrypted format. ...
(microsoft.public.windows.server.security)
Re: Year 2142 problem...
... I repeat my question, ... ... If the server and the client's times are out by more than the "specified ... >> not be able to get a Kerberos ticket because the date on their ... >> /David Resler ...
(comp.protocols.kerberos)
Re: windows needs your current credentials
... Are you using Group Policy? ... Check the Kerberos ticket lifetime under ... > Using an XP pro client with all patches, on a 2003 server> Active Directory network with all patches. ...
(microsoft.public.windows.server.general)
Re: ASP.NET - Basic/SSL - Changes in user group membership delayed
... > reused and that would be a good explanation for the problem. ... > kerberos ticket is cached on the server, it might not get refreshed right ... I'm pretty sure the server isn't going to make a round trip to the ... If I restart IIS the changes are effective ...
(microsoft.public.dotnet.framework.aspnet.security)