Credential Management

The credential management functions of the Security Support Provider Interface enable applications to gain access to the credentials of a principal, or to free such access. This interface does not allow any other access to the credentials. A principal is an entity recognized by the security system. This includes human users as well as autonomous processes. Credentials are data, such as a password or a Kerberos ticket, used by a principal to establish the identity of the principal.

The AcquireCredentialsHandle function acquires a handle to the pre-existing logon credentials of a specified principal. Applications can use the credentials handle with the context management functions to create a security context.

The FreeCredentialsHandle function releases a credential handle and associated resources back to the security package.

The QueryCredentialsAttributes function queries attributes, such as the associated name, of the credential handle.

The credential management functions use a credential handle, which is a reference to an opaque security object. All references to security objects, such as credentials and contexts, are done through a handle. The security provider dereferences a handle to access the credentials. A credential handle with the value {0xFFFFFFFF, 0xFFFFFFFF} is always invalid.