Edit

KERB_PROTOCOL_MESSAGE_TYPE enumeration (ntsecapi.h)

  • Article

The KERB_PROTOCOL_MESSAGE_TYPE enumeration lists the types of messages that can be sent to the Kerberos authentication package by calling the LsaCallAuthenticationPackage function.

Each message corresponds to a dispatch routine and causes the Kerberos authentication package to perform a different task.

Syntax

typedef enum _KERB_PROTOCOL_MESSAGE_TYPE {
  KerbDebugRequestMessage = 0,
  KerbQueryTicketCacheMessage,
  KerbChangeMachinePasswordMessage,
  KerbVerifyPacMessage,
  KerbRetrieveTicketMessage,
  KerbUpdateAddressesMessage,
  KerbPurgeTicketCacheMessage,
  KerbChangePasswordMessage,
  KerbRetrieveEncodedTicketMessage,
  KerbDecryptDataMessage,
  KerbAddBindingCacheEntryMessage,
  KerbSetPasswordMessage,
  KerbSetPasswordExMessage,
  KerbAddExtraCredentialsMessage = 17,
  KerbQueryTicketCacheExMessage,
  KerbPurgeTicketCacheExMessage,
  KerbRefreshSmartcardCredentialsMessage,
  KerbAddExtraCredentialsMessage = 17,
  KerbQuerySupplementalCredentialsMessage,
  KerbTransferCredentialsMessage,
  KerbQueryTicketCacheEx2Message,
  KerbSubmitTicketMessage,
  KerbAddExtraCredentialsExMessage,
  KerbQueryKdcProxyCacheMessage,
  KerbPurgeKdcProxyCacheMessage,
  KerbQueryTicketCacheEx3Message,
  KerbCleanupMachinePkinitCredsMessage,
  KerbAddBindingCacheEntryExMessage,
  KerbQueryBindingCacheMessage,
  KerbPurgeBindingCacheMessage,
  KerbPinKdcMessage,
  KerbUnpinAllKdcsMessage,
  KerbQueryDomainExtendedPoliciesMessage,
  KerbQueryS4U2ProxyCacheMessage,
  KerbRetrieveKeyTabMessage,
  KerbRefreshPolicyMessage,
  KerbPrintCloudKerberosDebugMessage,
  KerbNetworkTicketLogonMessage,
  KerbNlChangeMachinePasswordMessage
} KERB_PROTOCOL_MESSAGE_TYPE, *PKERB_PROTOCOL_MESSAGE_TYPE;

Constants

 
KerbDebugRequestMessage
Value: 0
Reserved.
KerbQueryTicketCacheMessage
This dispatch routine returns information about all of the cached tickets for the specified user logon session.
KerbChangeMachinePasswordMessage
This constant is reserved.
KerbVerifyPacMessage
This constant is reserved.
KerbRetrieveTicketMessage
This dispatch routine retrieves the ticket-granting ticket from the ticket cache of the specified user logon session.
KerbUpdateAddressesMessage
This constant is reserved.
KerbPurgeTicketCacheMessage
This dispatch routine allows selected tickets to be removed from the user logon session's ticket cache. It can also remove all cached tickets.
KerbChangePasswordMessage
This message causes the use of Kerberos Password Change Protocol to change the user's password in a Windows domain or configured non-Windows Kerberos realm that supports this service. The caller must know the current password to change the password for an account.




When changing the password of an account in a non-Windows Kerberos realm, the local computer's registry is consulted to locate the Kerberos password service for the requested domain name.
KerbRetrieveEncodedTicketMessage
This message retrieves the specified ticket, either from the cache, if it is already there, or by requesting it from the Kerberos key distribution center (KDC).
KerbDecryptDataMessage
This constant is reserved.
KerbAddBindingCacheEntryMessage
This constant is reserved.
KerbSetPasswordMessage
This message uses a modified Kerberos Password Change Protocol to change the user's password in the domain or configured non-Windows Kerberos realm that supports this service. The caller must have permission to set the password for the target account. The caller does not need to know the current password for the account.




When changing the password for an account in a non-Windows Kerberos realm, the local computer registry is used to locate the Kerberos password service for the requested domain name.
KerbSetPasswordExMessage
This message extends KerbSetPasswordMessage by specifying the client name and realm.
KerbAddExtraCredentialsMessage
Value: 17
This message is to add, remove, or replace an extra credential. The SeTcbPrivilege is required to alter another logon account's credentials.
KerbQueryTicketCacheExMessage
This message extends KerbQueryTicketCacheMessage by specifying the client name and realm.
KerbPurgeTicketCacheExMessage
This message extends KerbPurgeTicketCacheMessage by specifying the client name and realm.
KerbRefreshSmartcardCredentialsMessage
This message is a request to refresh the smart card credentials.
KerbAddExtraCredentialsMessage
Value: 17
This message is to add, remove, or replace an extra credential. The SeTcbPrivilege is required to alter another logon account's credentials.
KerbQuerySupplementalCredentialsMessage
This constant is reserved.
KerbTransferCredentialsMessage
The dispatch routine transfers credentials from one LUID to another LUID. The SeTcbPrivilege is required.


Windows Server 2003 and Windows XP:  This constant is not supported.
KerbQueryTicketCacheEx2Message
The dispatch routine queries the Kerberos ticket cache for the specified logon session. The session key type and branch ID are returned in addition to the other information returned when using the KerbQueryTicketCacheMessage message type. The SeTcbPrivilege is required.


Windows Server 2003 and Windows XP:  This constant is not supported.
KerbSubmitTicketMessage
The dispatch routine gets the tickets from the KDC and updates the ticket cache. The SeTcbPrivilege is required to access another logon account's ticket cache.


Windows Server 2003 and Windows XP:  This constant is not supported.
KerbAddExtraCredentialsExMessage
The dispatch routine adds, modifies, or deletes an extra credential in one or more service principal names (SPNs). The SeTcbPrivilege is required to change extra credentials in another user's logon session.

Windows Server 2003 and Windows XP:  This constant is not supported.
KerbQueryKdcProxyCacheMessage
This message returned information about the KDC proxy cached tickets.

Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This constant is not supported.
KerbPurgeKdcProxyCacheMessage
This message allows selected KDC proxy tickets to be removed.

Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This constant is not supported.
KerbQueryTicketCacheEx3Message
The dispatch routine queries the Kerberos ticket cache for the specified logon session. The number of tickets information is returned in addition to the other information returned when using the KerbQueryTicketCacheEx2Message message type. The SeTcbPrivilege is required.


Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This constant is not supported.
KerbCleanupMachinePkinitCredsMessage
This message is to clean up and remove any PKINIT device credentials from the computer.

Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This constant is not supported.
KerbAddBindingCacheEntryExMessage
This message is for adding a binding cache entry. The SeTcbPrivilege is required.


Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This constant is not supported.
KerbQueryBindingCacheMessage
This message queries the binding cache for the number of entries and their data.

Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This constant is not supported.
KerbPurgeBindingCacheMessage
This message is to clean up entries in the binding cache.

Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This constant is not supported.
KerbPinKdcMessage
KerbUnpinAllKdcsMessage
KerbQueryDomainExtendedPoliciesMessage
This message queries for a list of the extended domain policies.

Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This constant is not supported.
KerbQueryS4U2ProxyCacheMessage
This message queries the proxy cache for the information about a service for user (S4U) logon.

Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This constant is not supported.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Header ntsecapi.h