Credential providers are COM objects located inside DLLs. Winlogon relies on the credential providers installed on the system to obtain a user’s account name or password. For example, Winlogon guarantees that an untrusted process can’t get control of the desktop during one of these operations and thus gain access to the password. The Winlogon process must ensure that operations relevant to security aren’t visible to any other active processes. It coordinates logon, starts the user’s first process at logon, handles logoff, and manages various other operations relevant to security, including launching LogonUI for entering passwords at logon, changing passwords, and locking and unlocking the workstation.
Winlogon is a trusted process responsible for managing security-related user interactions. Kerberos is the Windows authentication package for interactive logon to a domain, and MSV1_0 is the Windows authentication package for interactive logon to a local computer, for domain logons to trusted pre–Windows 2000 domains, and for times when no domain controller is accessible. Authentication packages are DLLs that perform authentication checks. Interactive logon (as opposed to network logon) occurs through the interaction of the logon process (Winlogon), the logon user interface process (LogonUI) and its credential providers, LSASS, one or more authentication packages, and the SAM or Active Directory.
0 kommentar(er)
