KERB_PURGE_TKT_CACHE_REQUEST structure (ntsecapi.h)

The KERB_PURGE_TKT_CACHE_REQUEST structure contains information used to delete entries from the ticket cache.

It is used by LsaCallAuthenticationPackage.

Syntax

typedef struct _KERB_PURGE_TKT_CACHE_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  LUID                       LogonId;
  UNICODE_STRING             ServerName;
  UNICODE_STRING             RealmName;
} KERB_PURGE_TKT_CACHE_REQUEST, *PKERB_PURGE_TKT_CACHE_REQUEST;

Members

MessageType

KERB_PROTOCOL_MESSAGE_TYPE value identifying the type of request being made. This member must be set to KerbPurgeTicketCacheMessage.

LogonId

LUID structure containing the logon session identifier. This can be zero for the current user's logon session. If not zero, the caller must have the SeTcbPrivilege privilege set. If this fails, the Kerberos authentication package sets the ProtocolStatus parameter of LsaCallAuthenticationPackage to STATUS_ACCESS_DENIED.

ServerName

UNICODE_STRING containing the name of the service whose tickets should be deleted from the cache.

RealmName

UNICODE_STRING containing the name of the realm whose tickets should be deleted from the cache.

Remarks

If both ServerName and RealmName are of zero length, LsaCallAuthenticationPackage will delete all tickets for the logon session identified by LogonId. Otherwise, LsaCallAuthenticationPackage will search the cache tickets for ServerName@RealmName, and will delete all such tickets.

LsaCallAuthenticationPackage does not return this buffer. It returns STATUS_SUCCESS if one or more tickets are deleted. If no tickets are found, the function returns SEC_E_NO_CREDENTIALS.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Header ntsecapi.h