Hi,
I'm working with the Windows Local Security Account (LSA) system and trying to develop a custom credential provider and a custom authentication package which allow the authentication of a user on a Domain Controller without using a username and password but with a custom set of information used as a hint.
Looking at the available documentation on MSDN and at the Windows SDK examples, I couldn't find information for this kind of scenario.
So far, I've implemented and deployed on a computer A (which can run Windows 7/8/10...) a custom credential provider which selects the local custom authentication package by using LsaLookupAuthenticationPackage and then sends some random information to the underlying authentication package by setting the KERB_INTERACTIVE_LOGON structure.
In the custom authentication package, I've implemented all the SECPKG_FUNCTION_TABLE functions by proxying the kerberos.dll functions, enabled some verbose debugging, and found out that LsaApLogonUserEx2 is called. The problem is, how can I achieve the interactive logon of a user on a specific Active Directory system without a username and password but with a custom structure used as a hint?
On the server side, the Domain Controller, what kind of functions should I implement in the custom authentication package in order to do the translation there between my custom data and the real user data?
I've seen the possibility of using KERB_S4U_LOGON, but I still need to provide the real user principal name.
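The post describes the two halves of the logon path: a credential provider packing a KERB_INTERACTIVE_LOGON submit buffer, and an authentication package receiving it in LsaApLogonUserEx2. The following is an added example, not the poster's code: it packs the buffer in the self-relative form the Windows SDK credential-provider sample uses (each UNICODE_STRING Buffer field holds an offset from the start of the buffer rather than a pointer), and then does what an authentication package must do on receipt, namely bounds-check every offset and length against the buffer size before dereferencing anything, since the submit buffer arrives from a less trusted client process. The UNICODE_STRING and KERB_INTERACTIVE_LOGON definitions below are minimal stand-ins that mirror the field order of the SDK structures so the example builds without Windows headers; the domain, user and password values are constructed sample data.

```c
/* Added example: self-relative KERB_INTERACTIVE_LOGON packing (credential-provider
 * side) and validated unpacking (authentication-package side). The typedefs are
 * stand-ins for the Windows SDK structures, not the SDK headers themselves. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t WCHAR;

/* Stand-in for UNICODE_STRING: Length and MaximumLength are byte counts. */
typedef struct {
    uint16_t Length;
    uint16_t MaximumLength;
    WCHAR   *Buffer;   /* absolute pointer, or an offset in the self-relative form */
} UNICODE_STRING;

/* Stand-in for KERB_INTERACTIVE_LOGON; KerbInteractiveLogon is 2 in the SDK enum. */
#define KERB_INTERACTIVE_LOGON_TYPE 2u
typedef struct {
    uint32_t       MessageType;
    UNICODE_STRING LogonDomainName;
    UNICODE_STRING UserName;
    UNICODE_STRING Password;
} KERB_INTERACTIVE_LOGON;

static size_t wlen(const WCHAR *s) { size_t n = 0; while (s[n]) n++; return n; }

/* Copies one string into the buffer at *cursor and records its position as an offset. */
static void put_string(unsigned char *base, size_t *cursor, UNICODE_STRING *us, const WCHAR *s) {
    size_t bytes = wlen(s) * sizeof(WCHAR);
    memcpy(base + *cursor, s, bytes);
    us->Length = us->MaximumLength = (uint16_t)bytes;
    us->Buffer = (WCHAR *)(uintptr_t)*cursor;   /* offset from the start of the buffer */
    *cursor += bytes;
}

/* Credential-provider side: build the contiguous, self-relative submit buffer. */
unsigned char *pack_interactive_logon(const WCHAR *domain, const WCHAR *user,
                                      const WCHAR *password, size_t *out_len) {
    size_t strings = (wlen(domain) + wlen(user) + wlen(password)) * sizeof(WCHAR);
    if (wlen(domain) > UINT16_MAX / 2 || wlen(user) > UINT16_MAX / 2 ||
        wlen(password) > UINT16_MAX / 2) return NULL;        /* would overflow Length */
    size_t total = sizeof(KERB_INTERACTIVE_LOGON) + strings;
    unsigned char *buf = calloc(1, total);
    if (!buf) return NULL;
    KERB_INTERACTIVE_LOGON *hdr = (KERB_INTERACTIVE_LOGON *)buf;
    size_t cursor = sizeof(*hdr);
    hdr->MessageType = KERB_INTERACTIVE_LOGON_TYPE;
    put_string(buf, &cursor, &hdr->LogonDomainName, domain);
    put_string(buf, &cursor, &hdr->UserName, user);
    put_string(buf, &cursor, &hdr->Password, password);
    *out_len = total;
    return buf;
}

/* Verifies that a self-relative string lies entirely inside the buffer, past the header,
 * then converts its offset into a usable pointer. Returns 1 if valid, 0 otherwise. */
static int fixup_string(unsigned char *buf, size_t len, UNICODE_STRING *us) {
    uintptr_t off = (uintptr_t)us->Buffer;
    if (us->Length % sizeof(WCHAR) != 0) return 0;
    if (off < sizeof(KERB_INTERACTIVE_LOGON) || off > len || us->Length > len - off) return 0;
    us->Buffer = (WCHAR *)(buf + off);
    return 1;
}

/* Authentication-package side: copy the header out and validate before trusting any field.
 * Returns 0 on success, -1 if the buffer is malformed. */
int unpack_interactive_logon(unsigned char *buf, size_t len, KERB_INTERACTIVE_LOGON *out) {
    if (len < sizeof(KERB_INTERACTIVE_LOGON)) return -1;
    memcpy(out, buf, sizeof(*out));
    if (out->MessageType != KERB_INTERACTIVE_LOGON_TYPE) return -1;
    if (!fixup_string(buf, len, &out->LogonDomainName) ||
        !fixup_string(buf, len, &out->UserName) ||
        !fixup_string(buf, len, &out->Password)) return -1;
    return 0;
}

/* Constructed sample values (UTF-16 code units written out as arrays). */
static const WCHAR SAMPLE_DOMAIN[]   = {'C','O','R','P',0};
static const WCHAR SAMPLE_USER[]     = {'a','l','i','c','e',0};
static const WCHAR SAMPLE_PASSWORD[] = {'h','u','n','t','e','r','2',0};

/* Round trip: pack, unpack, and confirm the user name survives. Returns 1 on success. */
int demo_roundtrip(void) {
    size_t len; KERB_INTERACTIVE_LOGON parsed;
    unsigned char *buf = pack_interactive_logon(SAMPLE_DOMAIN, SAMPLE_USER, SAMPLE_PASSWORD, &len);
    if (!buf) return 0;
    int ok = unpack_interactive_logon(buf, len, &parsed) == 0 &&
             parsed.UserName.Length == 5 * sizeof(WCHAR) &&
             memcmp(parsed.UserName.Buffer, SAMPLE_USER, parsed.UserName.Length) == 0;
    free(buf);
    return ok;
}

/* A submit buffer whose string offset points past the end must be refused. Returns 1 if it is. */
int demo_rejects_bad_offset(void) {
    size_t len; KERB_INTERACTIVE_LOGON parsed;
    unsigned char *buf = pack_interactive_logon(SAMPLE_DOMAIN, SAMPLE_USER, SAMPLE_PASSWORD, &len);
    if (!buf) return 0;
    ((KERB_INTERACTIVE_LOGON *)buf)->Password.Buffer = (WCHAR *)(uintptr_t)(len + 64);
    int rejected = unpack_interactive_logon(buf, len, &parsed) == -1;
    free(buf);
    return rejected;
}

int main(void) {
    printf("round trip: %s\n", demo_roundtrip() ? "ok" : "FAIL");
    printf("bad offset rejected: %s\n", demo_rejects_bad_offset() ? "ok" : "FAIL");
    return 0;
}
```

In the real package the same validation runs against the ProtocolSubmitBuffer passed to LsaApLogonUserEx2; whatever custom hint structure replaces the username and password, the package should treat it exactly like this, as untrusted input whose offsets and lengths are checked against SubmitBufferSize before any lookup is attempted.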