[EMAIL PROTECTED] wrote: > My aim is to generate a security token to authenticate the user > against one of our single-sign-on(SSO) servers(written in-house). I > am using the SSPI samples (Microsoft Security SSPI Classes) which I > downloaded from your website to generate tokens in order to perform > an sspi authentication with our SSO server.
First, let's get one misunderstanding out of the way - this is not a web-site. You are perhaps reading this discussion group through a web browser, but others are reading it through a Usenet newsreader. Second, SSPI is a general API that is used for programming Kerberos, SChannel, and a number of other authentication protocols. You do not tell us which protocol you're trying to use. > Is there a way I can get the call to AcquireCredentials and > subsequently to InitializeSecurityContext to yield a token relating to > the currently logged on user. Only if you're using a protocol that includes delegation and you are configured correctly to support delegation. > This is the signature for acquireCredentials: > > SECURITY_STATUS sResult = AcquireCredentialsHandle( > NULL, // [in] name of principal. NULL = principal of > current security context > pszPackageName, // [in] name of package And the package name is ...? Without that, we can't give good answers - as you'll see from the MSDN documentation for AcquireCredentialsHandle, there's different semantics for the different packages. > fCredentialUse, // [in] flags indicating use. What are these flags? > Initially (for the above described symptoms), instead of pszlogonid > there was a null being passed in. I have tried to pass in an SID and > even the logoin session id (luid) but this causes the function to > return -2146893050 which i'm pretty sure is SEC_E_NOT_OWNER. I get > this error now, on the iis machine as well as the remote machine. You're right that -2146893050 is SEC_E_NOT_OWNER. I don't know exactly what the problem is that you're experiencing, but if you can provide more detailed information, perhaps we can get somewhere. Alun. ~~~~ [Please don't email posters, if a Usenet response is appropriate.] -- Texas Imperial Software | Find us at http://www.wftpd.com or email 23921 57th Ave SE | [EMAIL PROTECTED] Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
