3.1 Windows Credential Providers

Credential Providers are in-process COM objects used to collect credentials for authentication. Credential Providers describe the credential information required for authentication to the Local Security Authority (LSA) or to an application. For an interactive user logon, this credential information is presented to the user in the form of a “tile” that contains informational and editable fields. Users interact with the tile by entering their usernames and passwords, then clicking a right-arrow button.

Figure 3-1 Windows Welcome Screen

In Windows 10, Windows 8, Windows 7 and Windows Server 2012, the Winlogon process launches the LogonUI process after it receives a secure attention sequence (SAS) event. LogonUI queries each Credential Provider for the number of credential tiles that it wants to display. A Credential Provider might, for example, display a tile for each local machine user. One of these tiles can be configured to be the default tile initially displayed to the user. After LogonUI has finished querying the Credential Providers for their tiles, it displays all of the enumerated tiles to the user. After the user supplies information for the requested fields, LogonUI submits the credentials for authentication.

Credential Providers are not enforcement mechanisms. They are used only to gather and serialize credentials. The Local Security Authority and authentication packages enforce security. Credential Providers are responsible for:

  • Describing the credential information required for authentication.

  • Handling communication and logic with external authentication authorities.

  • Packaging credentials for interactive network logon.

Even though multiple Credential Providers can be displayed to a user on a machine, only the one selected by the user is allowed to provide credentials to the interactive logon process.
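
Because Credential Providers are in-process COM objects that LogonUI queries at the logon screen, it is useful to know which ones are registered on a machine and which DLL backs each one. The following PowerShell is an added example, not part of the Novell documentation; it assumes the standard Windows registration key for Credential Providers, uses the hypothetical function name Get-CredentialProviderInventory, and only reads the registry and file signatures.

```powershell
# Added example: read-only inventory of registered Credential Providers.
# Standard Windows registry location for Credential Provider registrations.
$cpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'

function Get-CredentialProviderInventory {
    Get-ChildItem -LiteralPath $cpRoot | ForEach-Object {
        $clsid = $_.PSChildName
        $props = Get-ItemProperty -LiteralPath $_.PSPath
        $dll   = $null

        # A Credential Provider is an in-process COM object, so its DLL is
        # recorded under the CLSID's InprocServer32 key.
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        if (Test-Path -LiteralPath $inproc) {
            $raw = (Get-ItemProperty -LiteralPath $inproc).'(default)'
            if ($raw) {
                $dll = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
                # Bare file names are resolved against System32 here (assumption).
                if (-not [IO.Path]::IsPathRooted($dll)) {
                    $dll = Join-Path $env:SystemRoot "System32\$dll"
                }
            }
        }

        # Check the Authenticode signature of the DLL, if it exists on disk.
        $status = 'NoDllRegistered'; $signer = $null
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $dll
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        } elseif ($dll) {
            $status = 'DllMissing'
        }

        [pscustomobject]@{
            Name      = $props.'(default)'
            Clsid     = $clsid
            Disabled  = ($props.Disabled -eq 1)
            Dll       = $dll
            Signature = $status
            Signer    = $signer
        }
    }
}

Get-CredentialProviderInventory | Sort-Object Signature, Name |
    Format-Table Name, Disabled, Signature, Dll -AutoSize -Wrap
```

Entries whose signature status is not Valid, or whose DLL is missing or in an unexpected directory, are the ones to review first.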

For more information, see Create Custom Login Experiences With Credential Providers For Windows Vista.

3.1.1 Windows Live ID Based Credential Authentication

Novell Client 2 SP4 for Windows supports Microsoft Windows Live ID based login. To use this feature, ensure that your administrator has added your Windows Live ID to your PC. For more information on adding a Live ID to a Windows PC, refer to the Microsoft article Your life, connected. To create a Live ID, refer to How do I sign up for a Microsoft account?

Logging on to Your PC Using Windows Live ID

After your Live ID has been added to the PC and you have completed a successful Novell login, enter your Live ID username and password in the Log on to this computer screen.

Figure 3-2 Windows Live ID Login Screen

In the Novell Windows client environment, users are expected to authenticate to the network first using the Novell Client Credential Provider and then to their PC using Live ID. Alternatively, you can combine your network login and your Windows Live ID login in the Novell Client login screen.

To combine your network and Windows Live ID login:

  1. In the Novell Login screen, click Show Advanced Options.

  2. In the Novell Login dialog, on the Windows tab, type the Windows Live ID in the Local username text box and then click Apply.

    NOTE: Ignore the From: list box for now. It will be disabled for a Windows Live ID login.

Figure 3-3 Novell Login with Windows Live ID

Limitations of Windows Live ID Based Login

The Novell Client 2 SP4 password sync feature, which synchronizes your Windows password with your eDirectory password, does not work with a Windows Live ID based login.

Figure 3-4 The Unsupported Password Sync Feature

Also, Novell Client does not support the change password feature when a Windows Live ID is used to log in to the computer.

Figure 3-5 The Unsupported Novell Client Change Password Feature