Authentication Security Components
5/10/2007
Authentication is the process of a principal, a user, group, or service, or a device validating its identity to another principal or device. Windows XP Embedded includes all of the Windows XP Professional authentication security components.
The following tables show some of the authentication security features and the Windows XP Embedded components that must be added to support them.
Common Binaries
The following common binaries apply to all authentication features. These binaries should be added to configurations that require authentication support.
| Required components | Key binary |
|---|---|
Local Security Authority Subsystem (LSASS) |
Lsass.exe, Lsasrv.dll |
Primitive: Secur32 |
Secure32.dll |
Primitive: Crypt32 |
Crypt32.dll |
Primitive: Cryptdll |
Cryptdll.dll |
Primitive: Netapi32 |
Netapi32.dll |
Netlogon/NetJoin |
Netlogon.dll |
Basic Authentication
Basic Authentication is the native authentication method that is built into HTTP. If this feature is used, HTTP connections can be made using SSL-encrypted links with strong server-side authentication to secure the connection.
| Required components | Key binary |
|---|---|
Win32 API |
Advapi32.dll |
Digest
Digest authentication is a simple challenge-and-response protocol that provides increased security over Basic Authentication.
| Required components | Key binary |
|---|---|
Digest Authentication Security Package |
Wdigest.dll |
Windows NT LAN Manager (NTLM)
NTLM is the native authentication protocol for Windows NT 4.0, including cross-domain authentication. Included in Windows XP for backward compatibility.
| Required components | Key binary |
|---|---|
Local Security Authority Subsystem (LSASS) |
Msv1_0.dll |
Kerberos
Kerberos is an industry-standard authentication protocol.
| Required components | Key binary |
|---|---|
Local Security Authority Subsystem (LSASS) |
Kerberos.dll |
Passport
Passport is an online user authentication service that enables secure authentication with a single user account.
| Required components | Key binary |
|---|---|
Wininet Library |
Wininet.dll |
Credential Manager
Credential Manager is a secure storage for password information that allows users to type names and passwords once. Subsequent authorizations are handled by the system.
| Required components | Key binary |
|---|---|
Credential Management User Interface |
Credui.dll |
Key Manager |
Keymgr.dll |
Win32 API - Advanced |
Advapi32.dll |
Secure Channel (X.059 certificates)
Secure channel is a multi-level certification authority hierarchy that allows users to use digitally-signed certificates.
| Required components | Key binary |
|---|---|
Local Security Authority Subsystem (LSASS) |
Schannel.dll |
Cryptographic Network Services |
Cryptnet.dll |
Smart Card Subsystem
Smart card is a subsystem that provides access between a Smart Card reader and a Smart Card-aware application.
| Required components | Key binary |
|---|---|
Smart Card Subsystem |
Scardsvr.exe, Scardssp.dll |
Primitive: Winscard |
Winscard.dll |
See Also
Concepts
Authorization Security Components