KERB_CERTIFICATE_S4U_LOGON structure
The KERB_CERTIFICATE_S4U_LOGON structure contains information about the certificate for a service for user (S4U) logon.
Syntax
typedef struct _KERB_CERTIFICATE_S4U_LOGON { KERB_LOGON_SUBMIT_TYPE MessageType; ULONG Flags; UNICODE_STRING UserPrincipalName; UNICODE_STRING DomainName; ULONG CertificateLength; PUCHAR Certificate; } KERB_CERTIFICATE_S4U_LOGON, *PKERB_CERTIFICATE_S4U_LOGON;
Members
- MessageType
-
A value of the KERB_LOGON_SUBMIT_TYPE enumeration that identifies the type of logon request being made. This member must be set to KerbCertificateS4ULogon.
- Flags
-
Flags that provide more information about the certificate logon.
Value Meaning - KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_DUPLICATES
- 0x1
The Key Distribution Center (KDC) checks for account mapping conflicts for the same certificate.
- KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_LOGONHOURS
- 0x2
The KDC checks the length of time this account with this certificate has been logged on.
- KERB_CERTIFICATE_S4U_LOGON_FLAG_IF_NT_AUTH_POLICY_REQUIRED
- 0x4
The KDC checks to see if an authentication policy is set.
- KERB_CERTIFICATE_S4U_LOGON_FLAG_IDENTIFY
- 0x8
The KDC checks for identity only tokens instead of impersonation tokens. The request for the identity token must have the same value as the KERB_S4U_LOGON_FLAG_IDENTIFY flag in the KERB_S4U_LOGON structure.
Windows Server 2008 R2, Windows 7, Windows Server 2008 and Windows Vista with SP2: This flag is not available.
- UserPrincipalName
-
The user principal name of the client to authenticate. The value of this member can be NULL. If the value is not NULL, the LsaLogonUser function uses the value to locate the user name.
- DomainName
-
The domain name of the user to authenticate. The value of this member can be NULL. If the value is not NULL, the LsaLogonUser function uses the value to locate the KDC. If the value is NULL, the LsaLogonUser function attempts to authenticate against the domain to which the computer is joined.
- CertificateLength
-
The length, in bytes, of the client certificate.
- Certificate
-
The certificate of the S4U logon.
Requirements
|
Minimum supported client |
Windows Vista [desktop apps only] |
|---|---|
|
Minimum supported server |
Windows Server 2008 [desktop apps only] |
|
Header |
|