Hi Jonas, On Thu, Mar 22, 2012 at 7:02 AM, Jonas Vestberg <jo...@zeroed.org> wrote:
> > > Hi > > Since Windows Vista* and Windows Server 2008, domain joined machined can > be configured to use single sign on (SSO). The client must be configured to > "Allow Delegatin of Default Credentials" for hosts that will be made > available using SSO. > > * Feature was later backported to Windows XP SP3. > > How to enable Single Sign-On for my Terminal Server connections > > http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx > > Does this feature go beyond the basic RDP and CredSSP specification or can > RDP SSO be accomplished using RDP-NLA with NTLM or Kerberos authentication? > And the most important question, is this feature supported by the FreeRDP > client today? > > It is a feature which is hard to get, but we're currently working on building the foundations for it. I am working on implementing a 1:1 replacement of the Windows SSPI API, or the API which is used for authentication modules. NLA is composed of multiple SSPI modules such as CredSSP, Negotiate, NTLM, Kerberos, etc. SSO seems to be done with a specific portion of SSPI which I haven't tried implementing yet: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731(v=vs.85).aspx#credentials_management_functions Functions like CredUIReadSSOCredW and CredUIStoreSSOCredW seem to be what is used for SSO with mstsc.exe, but I haven't confirmed. You can take a look at libfreerdp-sspi here: https://github.com/FreeRDP/FreeRDP/tree/master/libfreerdp-sspi It's not perfectly equivalent to the original yet, my goal is to have an option to be able to compile FreeRDP without or without libfreerdp-sspi at some point on Windows, where we could use the native SSPI API instead. If you want to help with this effort you are more than welcome. Best regards, - Marc-Andre > > Jonas > > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Freerdp-devel mailing list > Freerdp-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/freerdp-devel > ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Freerdp-devel mailing list Freerdp-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freerdp-devel
