KERB_CERTIFICATE_S4U_LOGON structure (ntsecapi.h)
The KERB_CERTIFICATE_S4U_LOGON structure contains information about the certificate for a service for user (S4U) logon.
Syntax
typedef struct _KERB_CERTIFICATE_S4U_LOGON {
KERB_LOGON_SUBMIT_TYPE MessageType;
ULONG Flags;
UNICODE_STRING UserPrincipalName;
UNICODE_STRING DomainName;
ULONG CertificateLength;
PUCHAR Certificate;
} KERB_CERTIFICATE_S4U_LOGON, *PKERB_CERTIFICATE_S4U_LOGON;
Members
MessageType
A value of the KERB_LOGON_SUBMIT_TYPE enumeration that identifies the type of logon request being made. This member must be set to KerbCertificateS4ULogon.
Flags
Flags that provide more information about the certificate logon.
Value | Meaning |
---|---|
|
The Key Distribution Center (KDC) checks for account mapping conflicts for the same certificate. |
|
The KDC checks the length of time this account with this certificate has been logged on. |
|
The KDC checks to see if an authentication policy is set. |
|
The KDC checks for identity only tokens instead of impersonation tokens. The request for the identity token must have the same value as the KERB_S4U_LOGON_FLAG_IDENTIFY flag in the KERB_S4U_LOGON structure.
Windows Server 2008 R2, Windows 7, Windows Server 2008 and Windows Vista with SP2: This flag is not available. |
UserPrincipalName
The user principal name of the client to authenticate. The value of this member can be NULL. If the value is not NULL, the LsaLogonUser function uses the value to locate the user name.
DomainName
The domain name of the user to authenticate. The value of this member can be NULL. If the value is not NULL, the LsaLogonUser function uses the value to locate the KDC. If the value is NULL, the LsaLogonUser function attempts to authenticate against the domain to which the computer is joined.
CertificateLength
The length, in bytes, of the client certificate.
Certificate
The certificate of the S4U logon.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows Vista [desktop apps only] |
Minimum supported server | Windows Server 2008 [desktop apps only] |
Header | ntsecapi.h |