LogonUI / LSA when submiting credentials?

  • Thread starter Thread starter igor.jovanovski
  • Start date Start date
I

igor.jovanovski

This might seem not very reliable case, but stay with me on this
explanation, it seems that windows has a bug here:

We have a Credential Provider for proprietery logon with Smart Cards.
In the Crededntial Provider I read the accounts from the Smart Card
and submit them in the GetSerialization method packed in
KERB_INTERACTIVE_LOGON. The login works fine. When I write the domain/
computer name of anoter OS installation from the same machine, the
logon still works! I checked the trace up to the moment where the data
are returned back via GetSerializaion method. If I enter I dumy
computer name and try the same again, it will report the error
"unknown user name or bad password..." It seems that it works only if
I enter the computer name of the other OS installation. I discovered
this by mistake because on the same laptop I have vista 32 bit and
then vista 64 bit. On the SmartCard I had and account
"igorvista64\administrator" with password 1234 and managed to login on
the system igorvista32 with the account "igorvista32\administrator"
with the same passowrd 1234. This coincidence led me to the
conclusion. The same goes for the unlock scenario.
Can MS support / insiders elaborate on this?

Thanks,
Igor Jovanovski
 
This might seem not very reliable case, but stay with me on this
explanation, it seems that windows has a bug here:

We have a Credential Provider for proprietery logon with Smart Cards.
In the Crededntial Provider I read the accounts from the Smart Card
and submit them in the GetSerialization method packed in
KERB_INTERACTIVE_LOGON. The login works fine. When I write the domain/
computer name of anoter OS installation from the same machine, the
logon still works! I checked the trace up to the moment where the data
are returned back via GetSerializaion method. If I enter I dumy
computer name and try the same again, it will report the error
"unknown user name or bad password..." It seems that it works only if
I enter the computer name of the other OS installation. I discovered
this by mistake because on the same laptop I have vista 32 bit and
then vista 64 bit. On the SmartCard I had and account
"igorvista64\administrator" with password 1234 and managed to login on
the system igorvista32 with the account "igorvista32\administrator"
with the same passowrd 1234. This coincidence led me to the
conclusion. The same goes for the unlock scenario.
Can MS support / insiders elaborate on this?

Thanks,
Igor Jovanovski
Click to expand...

Igor,

There are some odd shortcut cases where the domain parameter might be
ignored during logon. This allows some very old down-level scenarios
to work the way people wanted them to work before there were domains.
Since the account and password are correct the logon is working. It's
not usually a problem and probably shouldn't concern you for what you
are doing.

I could be wrong and there could be some horrible new bug here but I
don't see a cause for concern.

HTH,
Dave
 
Igor,

There are some odd shortcut cases where the domain parameter might be
ignored during logon. This allows some very old down-level scenarios
to work the way people wanted them to work before there were domains.
Since the account and password are correct the logon is working. It's
not usually a problem and probably shouldn't concern you for what you
are doing.

I could be wrong and there could be some horrible new bug here but I
don't see a cause for concern.

HTH,
Dave- Hide quoted text -

- Show quoted text -
Click to expand...


Hi Dave,

Thank you for your feedback.
This issue still makes me think as it appears only when the computer
name is an existing one on the laptop (just another partition)

Igor
 
Back
Top