Managing User Credentials
Credentials are authenticated logon data, such as a password and user name, that identifies a security principal. Associating a principal's authentication data with a unique logon identifier eliminates the need to reenter this data each time the principal accesses a new machine on the network. These credentials are available only to applications that run in kernel mode or that run in-process with the Local Security Authority (LSA). Because authentication packages and security packages are loaded by the LSA, they have access to this information.
After a logon session has been created, your authentication package can associate credentials, such as a user name and password, with that session. To do so, call AddCredential.
Your authentication package can enumerate the credentials associated with a logon session by calling GetCredentials, and it can delete credentials from a logon session by calling DeleteCredential.
SSP/AP security packages may call the UpdateCredentials function to notify other authentication packages when a principal's credentials have changed.
Note: The LSA credential management functions, AddCredential, GetCredentials, and DeleteCredential, are used only by older authentication packages, such as MSV1_0. Newer packages, such as Kerberos, do not use them.
Build date: 4/6/2010