Credential Types

  • Article

A version of this page is also available for

Windows Embedded CE 6.0 R3

4/8/2010

A credential type determines the nature of the credential that is being retrieved or cached. Credential types are processed by Credential Type Providers. Credential Type Providers understand the semantics of each credential type and determine what has to be cached.

Credential types can be either primitive or virtual. Primitive types represent basic credential types. Virtual types map to one or more primitive types and are provided for convenience.

The credential type identifier is a DWORD. The least significant bit (LSB) of the credential type identifier is used to indicate whether the type is primitive or virtual. If the LSB is set to 0, the credential type is a primitive type. If it is set to 1, the credential type is a virtual type. The values 0x00010000 to 0xFFFFFFFF are reserved for OS primitive or virtual credential types.

In addition to predefined credential types, you can also define custom types. The configuration information for credential types is stored in the registry. For more information, see Credential Manager Registry Settings.

The following table shows the predefined primitive and virtual credential types in Windows Embedded CE, with a description of the purpose of each.

Credential type Description

CRED_TYPE_CERTIFICATE

This primitive type is used if you are saving a client certificate. The application should provide credential manager with the hash of the certificate in this case.

CRED_TYPE_DOMAIN_PASSWORD

This virtual type is used by NTLM and Kerberos SSPs. This type is supported only if NTLM or Kerberos are included in the OS design.

If both NTLM and Kerberos are included in the OS design, then CRED_TYPE_DOMAIN_PASSWORD maps to CRED_TYPE_NTLM and CRED_TYPE_KERBEROS.

If either NTLM or Kerberos is included in the OS design, then CRED_TYPE_DOMAIN_PASSWORD maps to wither CRED_TYPE_NTLM or CRED_TYPE_KERBEROS.

CRED_TYPE_GENERIC

This primitive type is used for custom credential types.

CRED_TYPE_KERBEROS

This primitive type is used by Kerberos.

CRED_TYPE_NTLM

This primitive type is used by NTLM.

CRED_TYPE_PLAINTEXT_PASSWORD

This primitive type is used if you are caching the password in its plaintext form. Plaintext passwords are major security risks and should be avoided whenever possible.

See Also

Concepts

Credential Manager Registry Settings

Other Resources

Credential Manager Application Development