Creating Subauthentication Packages

Some authentication packages, such as MSV1_0 and Kerberos, support subauthentication packages. A subauthentication package is a DLL that replaces part of the authentication and validation criteria used by the authentication package. For example, a particular server might supply a subauthentication package that validates a user's password with a different algorithm or specifies workstation restrictions in a different format.

The interface a subauthentication package must implement depends on the authentication package it is written for. Subauthentication packages written for MSV1_0 must support the Msv1_0SubAuthenticationRoutine and Msv1_0SubAuthenticationFilter functions. Packages written for Kerberos must support the Msv1_0SubAuthenticationFilter function.

After you write a subauthentication package, you must add it to the registry before you can use it. The details of this registration are authentication package-specific, but typically you register the package by adding a registry key under the authentication package's key. For instructions on adding subauthentication procedures for MSV1_0 or Kerberos, see Registering Subauthentication Packages.

Additional details on creating a subauthentication package for the MSV1_0 authentication package shipped with Windows can be found in the SubAuth sample shipped with the Platform Software Development Kit (SDK).

For information about writing subauthentication packages for other authentication packages, see the documentation provided by the creator of the authentication package.

Send comments about this topic to Microsoft

Build date: 4/6/2010