Authentication Security Components

5/10/2007

Authentication is the process by which a principal (a user, group, or service) or a device validates its identity to another principal or device. Windows XP Embedded includes all of the Windows XP Professional authentication security components.

The following tables show some of the authentication security features and the Windows XP Embedded components that must be added to support them.

Common Binaries

The following common binaries apply to all authentication features. These binaries should be added to configurations that require authentication support.

Required components | Key binary
Local Security Authority Subsystem (LSASS) | Lsass.exe, Lsasrv.dll
Primitive: Secur32 | Secur32.dll
Primitive: Crypt32 | Crypt32.dll
Primitive: Cryptdll | Cryptdll.dll
Primitive: Netapi32 | Netapi32.dll
Netlogon/NetJoin | Netlogon.dll

Basic Authentication

Basic Authentication is the native authentication method that is built into HTTP. If this feature is used, HTTP connections can be made using SSL-encrypted links with strong server-side authentication to secure the connection.

Required components | Key binary
Win32 API | Advapi32.dll

Digest

Digest authentication is a simple challenge-and-response protocol that provides increased security over Basic Authentication.

Required components | Key binary
Digest Authentication Security Package | Wdigest.dll

Windows NT LAN Manager (NTLM)

NTLM is the native authentication protocol for Windows NT 4.0, including cross-domain authentication. It is included in Windows XP for backward compatibility.

Required components | Key binary
Local Security Authority Subsystem (LSASS) | Msv1_0.dll

Kerberos

Kerberos is an industry-standard authentication protocol.

Required components | Key binary
Local Security Authority Subsystem (LSASS) | Kerberos.dll

Passport

Passport is an online user authentication service that enables secure authentication with a single user account.

Required components | Key binary
Wininet Library | Wininet.dll

Credential Manager

Credential Manager is a secure store for password information that allows users to type names and passwords once. Subsequent authorizations are handled by the system.

Required components | Key binary
Credential Management User Interface | Credui.dll
Key Manager | Keymgr.dll
Win32 API - Advanced | Advapi32.dll

Secure Channel (X.509 certificates)

Secure channel is a multi-level certification authority hierarchy that allows users to use digitally signed certificates.

Required components | Key binary
Local Security Authority Subsystem (LSASS) | Schannel.dll
Cryptographic Network Services | Cryptnet.dll

Smart Card Subsystem

Smart card is a subsystem that provides access between a Smart Card reader and a Smart Card-aware application.

Required components | Key binary
Smart Card Subsystem | Scardsvr.exe, Scardssp.dll
Primitive: Winscard | Winscard.dll

See Also

Concepts

Authorization Security Components

Other Resources

Add Security Features to a Run-Time Image