Discussion:
Custom Authentication Package sample code ?
(too old to reply)
Eric LAMIDIAUX
2007-06-17 16:55:43 UTC
Permalink
Hi all,

I need to write a custom Authentication Package to wrap the standard MSV1_0
one. I want to make some more controls right after MSV1_0 checked the
user/password against SAM or AD. The written code should be able to run
under W2K, XP and Vista ...

I searched the web for custom authentication package sample code but failed
to find any ...

If someone can point me out or send me such a sample code, it would be much
appreciated.

Regards,

Eric.
Skywing [MVP]
2007-06-18 20:24:37 UTC
Permalink
I think that you actually want to make a Msv1_0/Kerberos subauthentication
filter rather than a complete new custom authentication package. Look at
Msv1_0SubAuthenticationFilter in MSDN / the Platform SDK.
--
Ken Johnson (Skywing)
Windows SDK MVP
http://www.nynaeve.net
Post by Eric LAMIDIAUX
Hi all,
I need to write a custom Authentication Package to wrap the standard
MSV1_0 one. I want to make some more controls right after MSV1_0 checked
the user/password against SAM or AD. The written code should be able to
run under W2K, XP and Vista ...
I searched the web for custom authentication package sample code but
failed to find any ...
If someone can point me out or send me such a sample code, it would be
much appreciated.
Regards,
Eric.
Eric LAMIDIAUX
2007-06-19 17:20:43 UTC
Permalink
Hi Ken,

Thanks for your answer ...

I found the MSVSubAuth sample in the Platform SDK and will give it a try ...

As far as I understand, in the USER_ALL_INFORMATION structure I can find the
NtPassword HASH. My problem is I need to access the clear text password, so
I can to submit the username & password to another external security manager
(our RACF mainframe database).

I also need to manage password synchronization between AD and RACF. I
thought Password Filter would be a good place to do the job as I must be
sure the change is accepted on both sides. I could first submit the change
to RACF then, if not OK refuse the new password, if OK let the change AD
password go on. When the AD change is done, I would receive a message
telling me if AD accepted it or not. If not, I could rollback RACF to the
old password. The problem is that Password Filter seems to only have access
to newpass in the received parameters, not the actual one. But RACF password
change need both !

Actually, I'm doing this using a custom GINA which works under NT4, W2K, XP
and W2K3. But of course GINA won't run under Vista ...

So I'm trying to find a way to do the same job under Vista, and would like
it to run under W2K, XP, W2K3 and Vista (and probably Server 2008) ...

Regards,

Eric.
Siddharth Gupta
2010-07-28 22:52:01 UTC
Permalink
Hi Eric,

Were u able to achieve the correct implementation of the Custom Authentication Package. If yes, can u please share with me a sample working solution. I will be highly obliged.

Thanks and Regards,
Siddharth Gupta



Eric LAMIDIAUX wrote:

Custom Authentication Package sample code ?
17-Jun-07

Hi all

I need to write a custom Authentication Package to wrap the standard MSV1_0
one. I want to make some more controls right after MSV1_0 checked the
user/password against SAM or AD. The written code should be able to run
under W2K, XP and Vista ..

I searched the web for custom authentication package sample code but failed
to find any ..

If someone can point me out or send me such a sample code, it would be much
appreciated

Regards

Eric.

Previous Posts In This Thread:

On Sunday, June 17, 2007 12:55 PM
Eric LAMIDIAUX wrote:

Custom Authentication Package sample code ?
Hi all

I need to write a custom Authentication Package to wrap the standard MSV1_0
one. I want to make some more controls right after MSV1_0 checked the
user/password against SAM or AD. The written code should be able to run
under W2K, XP and Vista ..

I searched the web for custom authentication package sample code but failed
to find any ..

If someone can point me out or send me such a sample code, it would be much
appreciated

Regards

Eric.

On Monday, June 18, 2007 4:24 PM
Skywing [MVP] wrote:

I think that you actually want to make a Msv1_0/Kerberos subauthentication
I think that you actually want to make a Msv1_0/Kerberos subauthentication
filter rather than a complete new custom authentication package. Look at
Msv1_0SubAuthenticationFilter in MSDN / the Platform SDK

--
Ken Johnson (Skywing
Windows SDK MV
http://www.nynaeve.ne
"Eric LAMIDIAUX" <***@nospam.org> wrote in message news:D90125BF-439C-436E-99E3-***@microsoft.com...

On Tuesday, June 19, 2007 1:20 PM
Eric LAMIDIAUX wrote:

Hi Ken,Thanks for your answer ...
Hi Ken

Thanks for your answer ..

I found the MSVSubAuth sample in the Platform SDK and will give it a try ..

As far as I understand, in the USER_ALL_INFORMATION structure I can find the
NtPassword HASH. My problem is I need to access the clear text password, so
I can to submit the username & password to another external security manager
(our RACF mainframe database)

I also need to manage password synchronization between AD and RACF. I
thought Password Filter would be a good place to do the job as I must be
sure the change is accepted on both sides. I could first submit the change
to RACF then, if not OK refuse the new password, if OK let the change AD
password go on. When the AD change is done, I would receive a message
telling me if AD accepted it or not. If not, I could rollback RACF to the
old password. The problem is that Password Filter seems to only have access
to newpass in the received parameters, not the actual one. But RACF password
change need both

Actually, I'm doing this using a custom GINA which works under NT4, W2K, XP
and W2K3. But of course GINA won't run under Vista ..

So I'm trying to find a way to do the same job under Vista, and would like
it to run under W2K, XP, W2K3 and Vista (and probably Server 2008) ..

Regards

Eric.


Submitted via EggHeadCafe - Software Developer Portal of Choice
Overriding Deserialization of Persisted Workflow Instances
http://www.eggheadcafe.com/tutorials/aspnet/40fe2b27-ef79-45d0-82e1-6eca3ed67df8/overriding-deserialization-of-persisted-workflow-instances.aspx
Loading...