Domain Logon - cached Kerberos ticket
This is a technical question about how the Kerberos ticket is stored for logon when the DC is unavailable. I asked it in the wrong forum initially. I think this is the right one...

I understand that when you log on to the domain with a smart card, you get a Kerberos ticket that is cached in the clear for use when you want to access resources. This ticket is also stored in the form {ticket}_pub, by which I mean that the ticket is encrypted under the public key of the cert in the smart card. Then if the user attempts to log on when the DC is unavailable (offline case), the user authenticates to the local machine by using her private key in the smart card to release (decrypt) the ticket. I presume that the released (clear) ticket is compared to the cached clear ticket for authentication. Is this right? Or is the cached clear ticket replaced by a cached hash of the clear ticket when the user logs out? In this latter alternative, of course, the newly released ticket would be hashed before comparison for authentication.

Help appreciated. Regards, Mike
August 2nd, 2011 1:31pm

Cached credentials are stored each time a successful interactive logon is performed: the system caches the credentials that were used at the time of logon. This means the user can later log on to the same workstation with the same credentials even if the domain controller cannot be found. Kerberos is not part of, nor used to perform, a local logon using cached credentials.

The username and password are not cached as is. Instead, the system stores an encrypted verifier of the password. This verifier is a salted MD4 hash that is computed two times. When smart card logon is used, the verifier does not include information about the user's password but information about the public/private key associated with the certificate that was used at the time of logon.

/Hasain
August 2nd, 2011 5:01pm

What you say, Hasain, is consistent with my original statement, provided you understood that during offline logon, while a Kerberos exchange does not take place, a previously obtained Kerberos ticket *is* involved as I described. My question is about the form of the cached credential, in the smart card + Kerberos case, that is kept for use during logon when the DC is unavailable. I need a boffin, preferably from MSFT, to tell me whether the cached Kerberos ticket is hashed after logout. If you, Hasain, are that boffin then gimme more! Perhaps someone can direct me to a narrower MS domain logon crypto-related forum... Thanks, Mike
August 3rd, 2011 3:01pm

Smart Card Logon white paper (rather old, and I could not find it at microsoft.com any more):
http://craigchamberlain.com/library/microsoft/sclogon.doc

"When a user is disconnected from the network or the domain controller is unreachable due to failure somewhere along the network path, a user must still be able to logon to his or her computer. With passwords this capability is supported by comparing the hashed password stored by the LSA with a hash of the credential that the user supplied to the GINA during logon. If the hashes are the same then the user can be authenticated to the local machine. In the smart card case, offline logon requires the user's private key to decrypt supplemental credentials originally encrypted using the user's public key. If the user has multiple smart cards then the supplemental credentials must be encrypted and referenced based on the hash of the certificate to ensure that the user can perform an offline logon regardless of what card is used..."

How Smart Card Logon Works in Windows:
http://technet.microsoft.com/en-us/library/ff404285(WS.10).aspx

"To perform cached smart card logon (to log on when the domain controller is not available), the system accesses symmetrically encrypted information that was stored locally during the last logon with the domain controller. For the RSA signature algorithm, the key that encrypts and decrypts this cached information is derived from a random value signed with the RSA logon key..."

This is all I have right now :) and yes, the "supplemental credentials" are hashed and encrypted in slightly different ways depending on the version of the OS and the credentials used. I have never seen any information about using any Kerberos tickets as the "supplemental credentials" in cached credentials, and as far as I know the Kerberos ticket cache kept by LSA is destroyed when the user logs out.

/Hasain
August 3rd, 2011 6:04pm
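The TechNet sentence Hasain quotes above ("the key that encrypts and decrypts this cached information is derived from a random value signed with the RSA logon key") describes a pattern that can be modeled in a few lines. What follows is an added example written for this page; it is not Windows code and was not posted in the thread. It assumes the `cryptography` package and models the mechanism as: pick a random value, sign it with the card's RSA key, hash the signature into an AES key, encrypt the supplemental credential under that key, and store only the random value and the ciphertext. Because a PKCS#1 v1.5 RSA signature over a fixed input is deterministic, the card alone can re-derive the key at offline logon without any key material on disk; the last function shows why a randomized scheme such as RSA-PSS could not be used this way. The KDF, cipher and blob layout Windows actually uses are not on the page and are assumptions here, as is the placeholder "supplemental credential" string.

```python
import hashlib
import os
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def make_logon_key() -> rsa.RSAPrivateKey:
    """Stand-in for the RSA key pair that lives on the smart card (generated for the example)."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def derive_cache_key(card_key: rsa.RSAPrivateKey, random_value: bytes) -> bytes:
    """Key = H(Sign_card(random_value)). PKCS#1 v1.5 signing is deterministic, so the same
    card and the same stored random value always yield the same AES key (assumed KDF)."""
    sig = card_key.sign(random_value, padding.PKCS1v15(), hashes.SHA256())
    return hashlib.sha256(sig).digest()


def store_cached_credential(card_key: rsa.RSAPrivateKey, supplemental: bytes) -> dict:
    """Done once at an online logon: encrypt the supplemental credential and keep only the
    random value, the nonce and the ciphertext. No AES key is ever written to the record."""
    random_value = os.urandom(32)
    key = derive_cache_key(card_key, random_value)
    nonce = os.urandom(12)
    ciphertext = AESGCM(key).encrypt(nonce, supplemental, random_value)  # random value bound as AAD
    return {"random_value": random_value, "nonce": nonce, "ciphertext": ciphertext}


def offline_logon(card_key: rsa.RSAPrivateKey, record: dict) -> Optional[bytes]:
    """At offline logon the card re-signs the stored random value. A different card derives
    a different key, the GCM tag check fails, and nothing is released."""
    key = derive_cache_key(card_key, record["random_value"])
    try:
        return AESGCM(key).decrypt(record["nonce"], record["ciphertext"], record["random_value"])
    except InvalidTag:
        return None


def signature_is_deterministic(card_key: rsa.RSAPrivateKey, use_pss: bool) -> bool:
    """Why the derivation relies on PKCS#1 v1.5: PSS mixes in a random salt, so two signatures
    over the same value differ and could not serve as a re-derivable key seed."""
    value = b"fixed input"
    if use_pss:
        pad = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
    else:
        pad = padding.PKCS1v15()
    return card_key.sign(value, pad, hashes.SHA256()) == card_key.sign(value, pad, hashes.SHA256())


if __name__ == "__main__":
    card = make_logon_key()
    # Constructed placeholder for the cached "supplemental credentials"; not a real ticket.
    record = store_cached_credential(card, b"supplemental-credential-blob")
    print("same card  :", offline_logon(card, record))
    print("other card :", offline_logon(make_logon_key(), record))
    print("PKCS1v15 deterministic:", signature_is_deterministic(card, use_pss=False))
    print("PSS deterministic     :", signature_is_deterministic(card, use_pss=True))
```

The design point this makes visible is that the stored record is useless without the private key: an attacker who copies the random value and ciphertext still has to make the card sign, which is exactly the operation the PIN gates. The caveat is the one the last function demonstrates: the derivation is only sound with a deterministic signature scheme, and it also silently assumes the same key pair is present at every offline logon, which is why the white paper ties the record to the certificate hash when a user holds several cards.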

Thanks for your input, Hasain. I read those two docs. They are consistent with what I was saying. The "supplemental credentials" are a TGT (Ticket Granting Ticket) that the Kerberos KDC has sent to the user. That's what I meant about a Kerberos ticket. In the traditional RSA case, it's encrypted under the smart card public key (i.e., under a symmetric key, which is itself then encrypted under the public key and bundled with the encrypted credential). This encrypted TGT is sent to the user, who decrypts it. It is also signed, and the user checks the sig.

As an aside, I don't quite understand the generation of the symmetric key, in either the RSA case or the Elliptic Curve case. Why don't they just use a random symmetric key, instead of a key derived from a signature? Fortunately, I (we) don't have to understand that.

The encrypted TGT is kept around after logout, for the offline logon case. When the user logs in and the DC is unavailable, he decrypts the TGT and reuses it. I admit that there are many things I don't understand about this. Still hoping to find out whether the plain TGT is also kept around after logout... Mike
August 3rd, 2011 7:59pm

Mike, Did you ever find a definitive answer to this question? I've been doing research among similar lines and ended up where you did. Please let me know if you've been able to answer your question, thanks.
June 19th, 2012 10:04am

Nope, never got any closer. My blurbs above have served me a couple of times as a record of my thoughts, but I never got the answer. Please let me know if you find out. Thanks. Mike Nelson
June 21st, 2012 4:30pm

