LogonUI / LSA when submiting credentials?

This might seem not very reliable case, but stay with me on this
explanation, it seems that windows has a bug here:

We have a Credential Provider for proprietery logon with Smart Cards.
In the Crededntial Provider I read the accounts from the Smart Card
and submit them in the GetSerialization method packed in
KERB_INTERACTIVE_LOGON. The login works fine. When I write the domain/
computer name of anoter OS installation from the same machine, the
logon still works! I checked the trace up to the moment where the data
are returned back via GetSerializaion method. If I enter I dumy
computer name and try the same again, it will report the error
"unknown user name or bad password..." It seems that it works only if
I enter the computer name of the other OS installation. I discovered
this by mistake because on the same laptop I have vista 32 bit and
then vista 64 bit. On the SmartCard I had and account
"igorvista64\administrator" with password 1234 and managed to login on
the system igorvista32 with the account "igorvista32\administrator"
with the same passowrd 1234. This coincidence led me to the
conclusion. The same goes for the unlock scenario.
Can MS support / insiders elaborate on this?

Thanks,
Igor Jovanovski

On Dec 10, 10:01*am, igor.jovanov...@gmail.com wrote:
> This might seem not very reliable case, but stay with me on this
> explanation, it seems that windows has a bug here:
>
> We have a Credential Provider for proprietery logon with Smart Cards.
> In the Crededntial Provider I read the accounts from the Smart Card
> and submit them in the GetSerialization method packed in
> KERB_INTERACTIVE_LOGON. The login works fine. When I write the domain/
> computer name of anoter OS installation from the same machine, the
> logon still works! I checked the trace up to the moment where the data
> are returned back via GetSerializaion method. If I enter I dumy
> computer name and try the same again, it will report the error
> "unknown user name or bad password..." It seems that it works only if
> I enter the computer name of the other OS installation. I discovered
> this by mistake because on the same laptop I have vista 32 bit and
> then vista 64 bit. On the SmartCard I had and account
> "igorvista64\administrator" with password 1234 and managed to login on
> the system igorvista32 with the account "igorvista32\administrator"
> with the same passowrd 1234. This coincidence led me to the
> conclusion. The same goes for the unlock scenario.
> Can MS support / insiders elaborate on this?
>
> Thanks,
> Igor Jovanovski

Igor,

There are some odd shortcut cases where the domain parameter might be
ignored during logon. This allows some very old down-level scenarios
to work the way people wanted them to work before there were domains.
Since the account and password are correct the logon is working. It's
not usually a problem and probably shouldn't concern you for what you
are doing.

I could be wrong and there could be some horrible new bug here but I
don't see a cause for concern.

HTH,
Dave

On Dec 11 2008, 5:55*pm, DaveMo <david.mow...@gmail.com> wrote:
> On Dec 10, 10:01*am,igor.jovanov...@gmail.com wrote:
>
>
>
>
>
> > This might seem not very reliable case, but stay with me on this
> > explanation, it seems that windows has a bug here:
>
> > We have aCredentialProviderfor proprietery logon withSmartCards.
> > In the CrededntialProviderI read the accounts from theSmartCard
> > and submit them in the GetSerialization method packed in
> > KERB_INTERACTIVE_LOGON. The login works fine. When I write the domain/
> > computer name of anoter OS installation from the same machine, the
> > logon still works! I checked the trace up to the moment where the data
> > are returned back via GetSerializaion method. If I enter I dumy
> > computer name and try the same again, it will report the error
> > "unknown user name or bad password..." It seems that it works only if
> > I enter the computer name of the other OS installation. I discovered
> > this by mistake because on the same laptop I have vista 32 bit and
> > then vista 64 bit. On the SmartCard I had and account
> > "igorvista64\administrator" with password 1234 and managed to login on
> > the system igorvista32 with the account "igorvista32\administrator"
> > with the same passowrd 1234. This coincidence led me to the
> > conclusion. The same goes for the unlock scenario.
> > Can MS support / insiders elaborate on this?
>
> > Thanks,
> >IgorJovanovski
>
> Igor,
>
> There are some odd shortcut cases where the domain parameter might be
> ignored during logon. This allows some very old down-level scenarios
> to work the way people wanted them to work before there were domains.
> Since the account and password are correct the logon is working. It's
> not usually a problem and probably shouldn't concern you for what you
> are doing.
>
> I could be wrong and there could be some horrible new bug here but I
> don't see a cause for concern.
>
> HTH,
> Dave- Hide quoted text -
>
> - Show quoted text -


Hi Dave,

Thank you for your feedback.
This issue still makes me think as it appears only when the computer
name is an existing one on the laptop (just another partition)

Igor