KERB_CERTIFICATE_LOGON structure (ntsecapi.h)

The KERB_CERTIFICATE_LOGON structure contains information about a smart card logon session.

It is passed as the AuthenticationInformation parameter to the LsaLogonUser function when the Kerberos security package performs an interactive smart card logon.

Syntax

typedef struct _KERB_CERTIFICATE_LOGON {
  KERB_LOGON_SUBMIT_TYPE MessageType;
  UNICODE_STRING         DomainName;
  UNICODE_STRING         UserName;
  UNICODE_STRING         Pin;
  ULONG                  Flags;
  ULONG                  CspDataLength;
  PUCHAR                 CspData;
} KERB_CERTIFICATE_LOGON, *PKERB_CERTIFICATE_LOGON;

Members

MessageType

A member of the KERB_LOGON_SUBMIT_TYPE enumeration that indicates how this structure is used. The member must be one of the following values.

Value (numeric value): Meaning
KerbCertificateLogon (13): This structure is passed as the AuthenticationInformation parameter to the LsaLogonUser function to perform an interactive smart card logon.
KerbCertificateUnlockLogon (15): This structure is used as the Logon member of a KERB_CERTIFICATE_UNLOCK_LOGON structure.

DomainName

The domain name of the user to authenticate. The value of this member can be empty. If the value is not empty, LsaLogonUser uses the value to locate the Key Distribution Center (KDC). If the value is empty, LsaLogonUser attempts to authenticate against the domain to which the computer is joined. The pointer is relative to the beginning of the structure and is not an absolute memory pointer.

UserName

The user name of the user to authenticate. The value of this member can be empty. If the value is not empty, LsaLogonUser uses the value to locate the user account to authenticate. The pointer is relative to the beginning of the structure and is not an absolute memory pointer.

Pin

The PIN to use to authenticate the user. The Length member of this structure does not include the terminating null character of the PIN. The pointer is relative to the beginning of the structure and is not an absolute memory pointer.

The PIN can be protected by using the CredProtect function.

Flags

Optional flags that control the behavior of the authentication. The following values are defined.

Value (numeric value): Meaning
KERB_CERTIFICATE_LOGON_FLAG_CHECK_DUPLICATES (0x1): The KDC checks the certificate for multiple account mappings.
KERB_CERTIFICATE_LOGON_FLAG_USE_CERTIFICATE_INFO (0x2): The KDC uses the certificate information for authentication. Windows Server 2008 R2, Windows 7, Windows Server 2008 and Windows Vista: This flag is not available.

CspDataLength

The length, in characters, of the CspData member.

CspData

A pointer to a KERB_SMARTCARD_CSP_INFO structure that contains information about the smart card cryptographic service provider (CSP), or a pointer to a marshaled KERB_CERTIFICATE_INFO structure when updating certificate credentials.

Remarks

This structure, along with the data pointed to by the DomainName, UserName, Pin, and CspData members, is contained in a single block of contiguous memory. When this structure is serialized, the offsets specified by each of these members must be multiples of two.

The pointers stored in the members of UNICODE_STRING type are relative to the beginning of the structure and are not absolute memory pointers.
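The layout rules above, as an added example that is not part of the original documentation: it packs the members into one contiguous block with even, structure-relative offsets and shows the bounds check a consumer of such a block would apply. USTR, CERT_LOGON, pack_cert_logon and offset_ok are hypothetical names; the two structs are portable stand-ins for UNICODE_STRING and KERB_CERTIFICATE_LOGON so the code builds without ntsecapi.h.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for UNICODE_STRING / KERB_CERTIFICATE_LOGON (assumption: same
   member order as the Syntax section; Buffer and CspData hold offsets). */
typedef struct { uint16_t Length, MaximumLength; uintptr_t Buffer; } USTR;
typedef struct {
    uint32_t MessageType;
    USTR DomainName, UserName, Pin;
    uint32_t Flags, CspDataLength;
    uintptr_t CspData;
} CERT_LOGON;

/* Copy n UTF-16 code units to offset off; store the offset, not an address. */
static size_t put_str(uint8_t *base, size_t off, USTR *u, const uint16_t *s, size_t n) {
    if (n) memcpy(base + off, s, n * 2);
    u->Length = u->MaximumLength = (uint16_t)(n * 2); /* terminating null not counted */
    u->Buffer = (uintptr_t)off;
    return off + n * 2;
}

/* Hypothetical helper: serialize into one block; returns NULL on bad input. */
uint8_t *pack_cert_logon(const uint16_t *dom, size_t nd, const uint16_t *usr, size_t nu,
                         const uint16_t *pin, size_t np, const uint8_t *csp,
                         uint32_t csp_len, uint32_t flags, size_t *out_len) {
    size_t hdr = (sizeof(CERT_LOGON) + 1) & ~(size_t)1;          /* keep offsets even */
    if (nd > 0x7FFF || nu > 0x7FFF || np > 0x7FFF) return NULL;  /* Length is 16-bit */
    if (csp_len > SIZE_MAX - hdr - 6 * (size_t)0x7FFF) return NULL;
    size_t total = hdr + 2 * (nd + nu + np) + csp_len;
    uint8_t *buf = calloc(1, total);
    if (!buf) return NULL;
    CERT_LOGON *h = (CERT_LOGON *)buf;
    h->MessageType = 13;                                         /* KerbCertificateLogon */
    h->Flags = flags;
    size_t off = put_str(buf, hdr, &h->DomainName, dom, nd);
    off = put_str(buf, off, &h->UserName, usr, nu);
    off = put_str(buf, off, &h->Pin, pin, np);
    if (csp_len) memcpy(buf + off, csp, csp_len); /* off is even: hdr and strings are */
    h->CspData = (uintptr_t)off;
    h->CspDataLength = csp_len;
    *out_len = total;
    return buf;
}

/* Consumer-side check: offset is even and [off, off+len) lies inside the block. */
int offset_ok(size_t off, size_t len, size_t total) {
    return off % 2 == 0 && off >= sizeof(CERT_LOGON) && off <= total && len <= total - off;
}
```

Because the returned block holds the PIN, a real caller should wipe it (for example with SecureZeroMemory) before freeing it.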

Requirements

Minimum supported client: Windows Vista [desktop apps only]
Minimum supported server: Windows Server 2008 [desktop apps only]
Header: ntsecapi.h

See also

KERB_CERTIFICATE_UNLOCK_LOGON

KERB_SMARTCARD_CSP_INFO

LsaLogonUser