How to pass the value of 3rd Parameter i.e. PIN to sub authentication packages on Domain Controller.

  • Question

  • Hi,

    For testing I have created a sample Credential Provider which takes three parameters: 1) Username, 2) Password, and 3) PIN. Now, as per the default protocol configuration, the first two values are already used by authentication packages.

    NOTE: How to pass the value of the 3rd parameter, i.e. PIN, to sub-authentication packages on the Domain Controller.

    To test this Credential Provider, I first passed the structure KERB_INTERACTIVE_UNLOCK_LOGON, which works fine, and I am able to log on remotely with this structure. But how do I use other authentication structures like MSV1_0_LOGON_SUBMIT_TYPE, PMSV1_0_SUBAUTH_LOGON, PMSV1_0_SUBAUTH_REQUEST, or any other which helps me to pass the extra parameter value to my custom sub-auth packages?

    These authentication structures use parameters like "MessageType", which must be set correctly as per the logon level.

    I have developed a sub-authentication module (SubAuth.dll) for authenticating the user when the user logs in through a client Windows PC or client program. The SubAuth.dll module has a function Msv1_0SubAuthenticationFilter implemented and exported for sub-authentication purposes.

    A registry entry has been created under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos

    Name->Auth0

    Value->SubAuth

    as Auth0, with the value set as the complete path of the DLL. After a reboot of the DC, SubAuth.dll is registered properly, and I am able to see the initial log file saying that the following module is loaded when any user tries to log on to that domain. The same changes are done for the MSV1_0 package.

    Now I have a problem: how to pass an extra value to the subauth module, as I found no other documentation which explains in detail how to pass an extra value to the subauth module.

    Friday, April 1, 2011 6:11 AM

All replies

  • It's been over 6 years. Have you solved the issue?
    Tuesday, May 15, 2018 7:53 AM