Re: KERB_SMART_CARD_LOGON

On Jun 10, 5:04 am, "Jan Spooren" <jspoo...@xxxxxxxxxxxxx> wrote:
Hi Dave,

Did you find any information on this?
I tried this a while ago as well, using some sort of badly documented
format
information for the CspData field that came up when I googled for
KERB_SMART_CARD_LOGON and LsaLogonUser, but I always got
STATUS_INVALID_PARAMETER (0xc000000d). (Though I did get LsaLogonUser to
work with the MSV1_0_INTERACTIVE_LOGON structure for username + password)
Did you have any more luck?

Cheers,
Jan.

According to MS, this data is CSP specific which is why they don't
document it. Does your SC come with it's own CSP? If so, you should be
able to get the information you need from the SC vendor.

I think this is incorrect Dave. As far as I know this field is used to pass
the smart card reader name, CSP name etc to LSA. This is therefore not CSP
dependant. Besides, the CSP never receives this information.
I don't think BTW, that I will be able to get this information from myself
or my coworkers, as you suggested. <grin>

Jan.

I did receive this tidbit of information. Hope it helps:

"It was a PIN + some marshalled data representing the certificate on
the smartcard.

The marshaled data was uniquely tied to the CSP being used, and was
mainly used to ensure session correctness in terminal services - e.g.
finding the remote card reader tied to MSTSC."

Dave

.