Guest igor.jovanovski@gmail.com Posted December 10, 2008 Posted December 10, 2008 This might seem not very reliable case, but stay with me on this explanation, it seems that windows has a bug here: We have a Credential Provider for proprietery logon with Smart Cards. In the Crededntial Provider I read the accounts from the Smart Card and submit them in the GetSerialization method packed in KERB_INTERACTIVE_LOGON. The login works fine. When I write the domain/ computer name of anoter OS installation from the same machine, the logon still works! I checked the trace up to the moment where the data are returned back via GetSerializaion method. If I enter I dumy computer name and try the same again, it will report the error "unknown user name or bad password..." It seems that it works only if I enter the computer name of the other OS installation. I discovered this by mistake because on the same laptop I have vista 32 bit and then vista 64 bit. On the SmartCard I had and account "igorvista64\administrator" with password 1234 and managed to login on the system igorvista32 with the account "igorvista32\administrator" with the same passowrd 1234. This coincidence led me to the conclusion. The same goes for the unlock scenario. Can MS support / insiders elaborate on this? Thanks, Igor Jovanovski Quote
Guest DaveMo Posted December 11, 2008 Posted December 11, 2008 On Dec 10, 10:01Â am, igor.jovanov...@gmail.com wrote:<span style="color:blue"> > This might seem not very reliable case, but stay with me on this > explanation, it seems that windows has a bug here: > > We have a Credential Provider for proprietery logon with Smart Cards. > In the Crededntial Provider I read the accounts from the Smart Card > and submit them in the GetSerialization method packed in > KERB_INTERACTIVE_LOGON. The login works fine. When I write the domain/ > computer name of anoter OS installation from the same machine, the > logon still works! I checked the trace up to the moment where the data > are returned back via GetSerializaion method. If I enter I dumy > computer name and try the same again, it will report the error > "unknown user name or bad password..." It seems that it works only if > I enter the computer name of the other OS installation. I discovered > this by mistake because on the same laptop I have vista 32 bit and > then vista 64 bit. On the SmartCard I had and account > "igorvista64administrator" with password 1234 and managed to login on > the system igorvista32 with the account "igorvista32administrator" > with the same passowrd 1234. This coincidence led me to the > conclusion. The same goes for the unlock scenario. > Can MS support / insiders elaborate on this? > > Thanks, > Igor Jovanovski</span> Igor, There are some odd shortcut cases where the domain parameter might be ignored during logon. This allows some very old down-level scenarios to work the way people wanted them to work before there were domains. Since the account and password are correct the logon is working. It's not usually a problem and probably shouldn't concern you for what you are doing. I could be wrong and there could be some horrible new bug here but I don't see a cause for concern. HTH, Dave Quote
Guest igor.jovanovski@gmail.com Posted February 2, 2009 Posted February 2, 2009 On Dec 11 2008, 5:55Â pm, DaveMo <david.mow...@gmail.com> wrote:<span style="color:blue"> > On Dec 10, 10:01Â am,igor.jovanov...@gmail.com wrote: > > > > ><span style="color:green"> > > This might seem not very reliable case, but stay with me on this > > explanation, it seems that windows has a bug here:</span> ><span style="color:green"> > > We have aCredentialProviderfor proprietery logon withSmartCards. > > In the CrededntialProviderI read the accounts from theSmartCard > > and submit them in the GetSerialization method packed in > > KERB_INTERACTIVE_LOGON. The login works fine. When I write the domain/ > > computer name of anoter OS installation from the same machine, the > > logon still works! I checked the trace up to the moment where the data > > are returned back via GetSerializaion method. If I enter I dumy > > computer name and try the same again, it will report the error > > "unknown user name or bad password..." It seems that it works only if > > I enter the computer name of the other OS installation. I discovered > > this by mistake because on the same laptop I have vista 32 bit and > > then vista 64 bit. On the SmartCard I had and account > > "igorvista64administrator" with password 1234 and managed to login on > > the system igorvista32 with the account "igorvista32administrator" > > with the same passowrd 1234. This coincidence led me to the > > conclusion. The same goes for the unlock scenario. > > Can MS support / insiders elaborate on this?</span> ><span style="color:green"> > > Thanks, > >IgorJovanovski</span> > > Igor, > > There are some odd shortcut cases where the domain parameter might be > ignored during logon. This allows some very old down-level scenarios > to work the way people wanted them to work before there were domains. > Since the account and password are correct the logon is working. It's > not usually a problem and probably shouldn't concern you for what you > are doing. > > I could be wrong and there could be some horrible new bug here but I > don't see a cause for concern. > > HTH, > Dave- Hide quoted text - > > - Show quoted text -</span> Hi Dave, Thank you for your feedback. This issue still makes me think as it appears only when the computer name is an existing one on the laptop (just another partition) Igor Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.