Using existing credentials using `AcquireCredentialsHandle`

Devolutions / sspi-rs

A Rust implementation of the Security Support Provider Interface (SSPI) API

Apache License 2.0

52 stars 14 forks source link

Using existing credentials using `AcquireCredentialsHandle` #253

Closed jcspencer closed 3 months ago

jcspencer commented 3 months ago

Hi there!

I'm attempting to spin up a web server on a Windows machine running in the context of a gMSA.

Since my service is running in the context of a gMSA, I was hoping to be able to acquire existing credentials using AcquireCredentialsHandle, however, it seems that the wrappers of the native Win32 calls to do this are gone from this library.

Is it at-all possible to wrap a phCredential from the Win32 side into the structures provided by sspi-rs?

Thanks!

awakecoding commented 3 months ago

The goal of sspi-rs is to replace, not wrap, Windows SSPI. We used to have some wrappers around Windows SSPI to facilitate comparison between our replacement and the original. Our focus is mostly on the client-side SSPI functionality, with very limited server-side support. As for gMSA, there's probably a lot of reversing involved if we wanted to attempt a proper replacement implementation. You probably want to use the Windows SSPI APIs directly, not sspi-rs, for gMSA the way you describe it.