Partager via


Authentication Services OS Design Development (Windows Embedded CE 6.0)

1/6/2010

Authentication Services for Windows Embedded CE-based devices provide security services for user authentication, credential management, and message protection through the Security Support Provider Interface (SSPI). Within SSPI, different security options are available. These options include NTLM security support provider (SSP) and Kerberos SSP. Each of these options contains different authentication and cryptographic schemes. You can also provide your own security package and add it to the registry for applications to use.

In addition to the SSPI credential management functionality, a component called Credential Manager is included automatically with Kerberos and NTLM services. Credential Manager allows users an option to save a name, password, and other authentication information on the device. The Credential Manager keeps track of the information and updates it when necessary.

Passport Authentication is a centralized service provided by Microsoft that offers a single logon and core profile services to member sites. This technology is automatically included with WinInet and is fully implemented. This frees application developers from dealing with the details of interacting with the Passport infrastructure.

OS Design Information

The following table shows operating system design information for Authentication Services.

Element Information

Dependencies for Schannel

Requires CryptoAPI 2.0 for certificate management. Schannel is exposed through Winsock and Wininet and not through SSPI.

Dependencies for Passport Authentication

Included automatically with WinInet.

Modules and Components

The following table shows the components and modules that implement Authentication Services.

Item Module Component

Authentication Services

secur32

None

Kerberos Security Support Service Provider

kerberos, cryptdll

None

NTLM Security Support Service Provider

ntlmssp

None

Passport Authentication

wininet

None

Schannel Security Support Service Provider

schannel

None

The following table shows the Sysgen variables that enable Authentication Services.

Sysgen variable Description

SYSGEN_AUTH

Security Support Provider Interface (SSPI) provides a programming interface for user authentication, credential management, and message protection. Available authentication providers include NTLM, Kerberos, and Secure Sockets Layer (SSL). Each provider contains different authentication and cryptographic schemes.

SYSGEN_AUTH_KERBEROS

Kerberos security support provider for mutual authentication between entities.

SYSGEN_AUTH_NTLM

NTLM security support provider that uses challenge and response authentication protocol.

SYSGEN_AUTH_SCHANNEL

Schannel security support provider that uses SSL2, SSL3, and Transport Layer Security (TLS/SSL 3.1) public key-based protocols.

See Also

Other Resources

Authentication Services