I'm trying to implement a custom Windows credential provider with the password-less approach described here, by using only the User principal name of a domain user such as "user@domain.com"
As far as I understand, the LsaLogonUser is performed by the Authentication Package (NEGOTIATE or KERBEROS) when the GetSerialization() of the Credential Provider method completes.
Unfortunately, after having serialized the information in the KERB_S4U_LOGON structure, I get the following error from Winlogon.exe:
A logon request contained an invalid logon type value
What am I doing wrong?
I'm targeting Windows 7+, so it should be supported: I've also written a small test where I explicitly call LsaLogonUser (setting SeTcbPrivilege first) and it returns with success
Aucun commentaire:
Enregistrer un commentaire