KERB_ADD_CREDENTIALS_REQUEST structure (ntsecapi.h)

Specifies a message to add, remove, or replace an extra server credential for a logon session. The SeTcbPrivilege is required to alter another logon account's credentials.

Syntax

typedef struct _KERB_ADD_CREDENTIALS_REQUEST {
  KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  UNICODE_STRING             UserName;
  UNICODE_STRING             DomainName;
  UNICODE_STRING             Password;
  LUID                       LogonId;
  ULONG                      Flags;
} KERB_ADD_CREDENTIALS_REQUEST, *PKERB_ADD_CREDENTIALS_REQUEST;

Members

MessageType

A value of the KERB_PROTOCOL_MESSAGE_TYPE enumeration that lists the types of messages that can be sent to the Kerberos authentication package by calling the LsaCallAuthenticationPackage function. This member must be set to KerbAddExtraCredentialsMessage.

UserName

The user name for the credential.

DomainName

The domain name for the credential.

Password

The password for the credential.

LogonId

The logon ID of the credential. The value of this member can be NULL.

Flags

A value that specifies what to do with the credential. This can be one of the following values.

Value	Meaning
KERB_REQUEST_ADD_CREDENTIAL 1	Add the specified credential to the logon session.
KERB_REQUEST_REPLACE_CREDENTIAL 2	Replace the specified credential in the logon session.
KERB_REQUEST_REMOVE_CREDENTIAL 4	Remove the specified credential from the logon session.

Remarks

Calling the LsaCallAuthenticationPackage function with this structure affects only the behavior of the AcceptSecurityContext (Kerberos) function. Using this structure allows multiple physical and virtual servers to share a single identity.

Requirements

Requirement	Value
Minimum supported client	Windows XP [desktop apps only]
Minimum supported server	Windows Server 2003 [desktop apps only]
Header	ntsecapi.h

See also

KERB_ADD_CREDENTIALS_REQUEST_EX