Authentication Packages
Hello,
I've done a custom credential provider(https://github.com/DavidWeiss2/windows-Credential-Provider-library). until now, I'm able to work well with it, but I need to change the credentials needed for the authentication (i.e. login in the user account without the password).
I believe that to achieve this, I need something outside the CP, a custom implementation of a SSP/AP dll.
As I understand, the LsaLogonUser function is gets as parameters the output of the getSerialization method from the CP, but this parameters include the passwor because LsaLogonUser compares it with the stored credentials to create a new logon session and returns a user token, so I think that I have to make also a custom implementation of LsaLogonUser that calls my own AP instead of the default (registered here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Authentication Packages).
If any of my assumptions are wrong, please tell me, I'm specially insecure about the LsaLogonUser custom implementation.
What I want to know is if there is somewhere an example or more documentation about how to implement a custom SSP/AP, maybe some code (just like the microsoft example for CP), or if you could give me some light about what files do I need to create, where to register them and how to use them instead of the windows defaults.
In less words, I want to know what I have to do to be able to login without password (with a server call response for example).
Thank you very much for your help, I am a bit overwhelmed with this