Handling credentials provider messages

A credentials provider plug-in receives a number of messages during the course of execution. This section describes the appropriate ways of handling these messages.

System messages

There are only two system messages that a credentials provider needs to handle. Both of these are explained elsewhere as they deal with initialization and uninitialization of the plug-in. See the following two sections for details on handling these messages.

Credential messages

Listing Credentials

When the Network Identity Manager application needs to refresh the list of credentials that credentials providers are aware of, it sends out a <KMSG_CRED, KMSG_CRED_REFRESH> message.

Each credentials provider is expected to populate a credential set with the credentials that it is aware of and call kcdb_credset_collect() or kcdb_credset_collect_filtered() to merge the credentials into the root credentials set.

In addition to responding to <KMSG_CRED, KMSG_CRED_REFRESH>, each credentials provider is expected to list and merge their credentials during the following events:

Credential Acquisition Message Sequence

The acquisition of new or renewed credentials is conducted via a sequence of messages. Details of handling this sequence are explained in the section Managed credential acquisition.

Destroying Credentials

When a request is received to destroy credentials, Network Identity Manager sends out a <KMSG_CRED, KMSG_CRED_DESTROY_CRED> message. The vparam member of the message will point to a khui_action_context structure that describes which credentials are being destroyed. The plug-in is expected to destroy any credentials that were provided by the plug-in which are included in the user interface context.

See also:
Using Contexts

Importing Credentials

The import action is typically used to request that plug-ins import any relevant credentials from the Windows LSA cache. This typically only applies to plug-ins that provide Kerberos credentials and is not discussed in detail.

Property Pages

Credentials providers are also expected to participate in the user interface when the user makes a request to view the properties of a credential or identity.

Details about handling this sequence of messages are discussed in Property Pages for Credentials.

Address Change Notification

When the Network Identity Manager detects that the IP address of the machine has changed, it will issue a <KMSG_CRED, KMSG_CRED_ADDR_CHANGE>. Handling this notification is optional and is only necessary for credentials providers which are affected by IP address changes. This is just a notification and the plug-in is not expected to take any special action.
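
A model of the refresh, destroy and address-change handling described above, as an added example that is not Network Identity Manager code: the numeric values of the constants, MY_CRED_TYPE, and every demo_ name are stand-ins so that the block compiles without the SDK headers. It shows a provider merging only its own credential type on refresh, and destroying only credentials that are both its own and named in the context.

```c
#include <stddef.h>
/* Stand-ins so this compiles without the Network Identity Manager SDK: every
   numeric value and every demo_/MY_ name is constructed for this example. */
enum { KMSG_CRED = 1, MY_CRED_TYPE = 7, DEMO_MAX = 8 };
enum { KMSG_CRED_REFRESH = 1, KMSG_CRED_DESTROY_CRED, KMSG_CRED_ADDR_CHANGE };
typedef struct { int type; int id; } demo_cred;
typedef struct { demo_cred c[DEMO_MAX]; size_t n; } demo_credset;
static demo_credset demo_root, demo_cache; /* root set; this provider's store */

/* Models the merge step: entries of `type` in dest are replaced by src's. */
static void demo_collect(demo_credset *dest, const demo_credset *src, int type) {
    size_t i, k = 0;
    for (i = 0; i < dest->n; i++)   /* drop stale entries of our type only */
        if (dest->c[i].type != type) dest->c[k++] = dest->c[i];
    for (i = 0; i < src->n && k < DEMO_MAX; i++)
        if (src->c[i].type == type) dest->c[k++] = src->c[i];
    dest->n = k;
}

/* Destroys only credentials that are ours AND named in the context. */
static int demo_destroy(const demo_credset *ctx) {
    size_t i, j, k = 0;
    for (i = 0; i < demo_cache.n; i++) {
        int hit = 0;
        for (j = 0; j < ctx->n && j < DEMO_MAX; j++)
            if (ctx->c[j].type == MY_CRED_TYPE && ctx->c[j].id == demo_cache.c[i].id)
                hit = 1;
        if (!hit) demo_cache.c[k++] = demo_cache.c[i];   /* keep the rest */
    }
    j = demo_cache.n - k;           /* number of credentials destroyed */
    demo_cache.n = k;
    return (int)j;
}

/* Message callback: 0 on success, -1 on a malformed destroy request. */
int demo_cred_msg(int msg_type, int msg_subtype, void *vparam) {
    if (msg_type != KMSG_CRED) return 0;        /* not a credential message */
    if (msg_subtype == KMSG_CRED_REFRESH)
        demo_collect(&demo_root, &demo_cache, MY_CRED_TYPE);
    else if (msg_subtype == KMSG_CRED_DESTROY_CRED) {
        if (vparam == NULL) return -1;          /* no context to act on */
        demo_destroy(vparam);
    }
    return 0;   /* KMSG_CRED_ADDR_CHANGE and unknown subtypes: nothing to do */
}

int main(void) {   /* refreshing an empty store leaves the root set empty */
    return demo_cred_msg(KMSG_CRED, KMSG_CRED_REFRESH, NULL) || demo_root.n != 0;
}
```
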
Generated on Fri Aug 3 08:27:13 2007 for Network Identity Manager by Doxygen 1.5.2
© 2004-2007 Massachusetts Institute of Technology.
© 2005-2007 Secure Endpoints Inc.
Contact khimaira@mit.edu