en-US/PSSPI.dll-Help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-SSPICredential</command:name> <command:verb>Get</command:verb> <command:noun>SSPICredential</command:noun> <maml:description> <maml:para>Get a SSPI credential handle.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Get a SSPI credential for use with a security context. Currently a credential can be for the current user context or for an explicit credential.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-SSPICredential</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AllowPackage</maml:name> <maml:description> <maml:para>Specify security packages that can be used on a `Negotiate` credential. 
This is used to only allow the list of packages in a `Negotiate` context rather than the defaults used by SSPI.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PackageOrString[]</command:parameterValue> <dev:type> <maml:name>PackageOrString[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:description> <maml:para>Use the username/password of the credentials specified instead of the current user context.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CredentialUse</maml:name> <maml:description> <maml:para>How the credential is to be used. Defaults to `SECPKG_CRED_OUTBOUND` which is used by a client. 
Multiple values can be specified depending on the desired use.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">SECPKG_CRED_INBOUND</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECPKG_CRED_OUTBOUND</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECPKG_CRED_BOTH</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECPKG_CRED_DEFAULT</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECPKG_CRED_AUTOLOGON_RESTRICTED</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECPKG_CRED_PROCESS_POLICY_ONLY</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">CredentialUse</command:parameterValue> <dev:type> <maml:name>CredentialUse</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Package</maml:name> <maml:description> <maml:para>The SSPI package the credential is used for, like `Negotiate`, `Kerberos`, `NTLM`, and more. 
See Get-SSPIPackage (./Get-SSPIPackage.md) for more details.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PackageOrString</command:parameterValue> <dev:type> <maml:name>PackageOrString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Principal</maml:name> <maml:description> <maml:para>The principal to use with the credential. The purpose of this value depends on the package being used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RejectPackage</maml:name> <maml:description> <maml:para>Specify security packages that cannot be used on a `Negotiate` credential. This is used to exclude a list of packages in a `Negotiate` context rather than the defaults used by SSPI. For example specify `-RejectPackage NTLM` when creating a `Negotiate` credential to disable NTLM negotiation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PackageOrString[]</command:parameterValue> <dev:type> <maml:name>PackageOrString[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AllowPackage</maml:name> <maml:description> <maml:para>Specify security packages that can be used on a `Negotiate` credential. 
This is used to only allow the list of packages in a `Negotiate` context rather than the defaults used by SSPI.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PackageOrString[]</command:parameterValue> <dev:type> <maml:name>PackageOrString[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:description> <maml:para>Use the username/password of the credentials specified instead of the current user context.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CredentialUse</maml:name> <maml:description> <maml:para>How the credential is to be used. Defaults to `SECPKG_CRED_OUTBOUND` which is used by a client. Multiple values can be specified depending on the desired use.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">CredentialUse</command:parameterValue> <dev:type> <maml:name>CredentialUse</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Package</maml:name> <maml:description> <maml:para>The SSPI package the credential is used for, like `Negotiate`, `Kerberos`, `NTLM`, and more. 
See Get-SSPIPackage (./Get-SSPIPackage.md) for more details.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PackageOrString</command:parameterValue> <dev:type> <maml:name>PackageOrString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Principal</maml:name> <maml:description> <maml:para>The principal to use with the credential. The purpose of this value depends on the package being used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RejectPackage</maml:name> <maml:description> <maml:para>Specify security packages that cannot be used on a `Negotiate` credential. This is used to exclude a list of packages in a `Negotiate` context rather than the defaults used by SSPI. 
For example specify `-RejectPackage NTLM` when creating a `Negotiate` credential to disable NTLM negotiation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PackageOrString[]</command:parameterValue> <dev:type> <maml:name>PackageOrString[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>PSSPI.SspiCredential</maml:name> </dev:type> <maml:description> <maml:para>The generated credential handle. This object has the following properties:</maml:para> <maml:para>+ `SafeHandle`: The handle to the SSPI credentials generated.</maml:para> <maml:para>+ `Expiry`: The expiry of the credentials.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>Credentials aren't validated by SSPI when being generated. 
They are verified when being used by `InitializeSecurityContext` or `AcceptSecurityContext`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title> Example 1: Get the Negotiate credentials for the current user </maml:title> <dev:code>PS C:\> Get-SSPICredential -Package Negotiate</dev:code> <dev:remarks> <maml:para>Gets the SSPI credential for the current user for the `Negotiate` package.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 2: Get the Kerberos credential with an explicit user -</maml:title> <dev:code>PS C:\> $cred = Get-Credential
PS C:\> Get-SSPICredential -Package Kerberos -Credential $cred</dev:code> <dev:remarks> <maml:para>Gets the SSPI credential with explicit credentials for the `Kerberos` package.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--- Example 3: Create Negotiate credential but disable NTLM ---</maml:title> <dev:code>PS C:\> Get-SSPICredential -Package Negotiate -RejectPackage NTLM</dev:code> <dev:remarks> <maml:para>Gets the SSPI credential for the current user for the `Negotiate` package but disables use of NTLM. 
This means that `Negotiate` will attempt to use `Kerberos` or `NegoEx` but will not attempt to use `NTLM` as a fallback.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://www.github.com/jborean93/PSSPI/blob/main/docs/en-US/Get-SSPICredential.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>AcquireCredentialsHandleW</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/win32/secauthn/acquirecredentialshandle--general</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-SSPIPackage</command:name> <command:verb>Get</command:verb> <command:noun>SSPIPackage</command:noun> <maml:description> <maml:para>Gets security package information.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Gets information about the installed security packages that SSPI can use.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-SSPIPackage</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Get the details of the security packages specified. 
If omitted then all security packages will be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Get the details of the security packages specified. If omitted then all security packages will be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>SSPI.SecPackageInfo</maml:name> </dev:type> <maml:description> <maml:para>The security package information. This object has the following properties:</maml:para> <maml:para>+ `Name`: The name of the security package.</maml:para> <maml:para>+ `Comment`: Additional information of the security package.</maml:para> <maml:para>+ `Capabilities`: Set of bit flags that describes the capabilities of the security package.</maml:para> <maml:para>+ `Version`: Specifies the version of the package protocol. Must be 1.</maml:para> <maml:para>+ `RPCID`: Specifies a DCE RPC identifier, if appropriate. 
If the package does not implement one of the DCE registered security systems, the reserved value SECPKG_ID_NONE is used.</maml:para> <maml:para>+ `MaxTokenSize`: Specifies the maximum size, in bytes, of the token.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------- Example 1: Get all installed security packages --------</maml:title> <dev:code>PS C:\> Get-SSPIPackage</dev:code> <dev:remarks> <maml:para>Get the details of all the installed security packages.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 2: Get information about a specific security package -</maml:title> <dev:code>PS C:\> Get-SSPIPackage -Name Negotiate, Kerberos</dev:code> <dev:remarks> <maml:para>Get the details of the `Negotiate` and `Kerberos` security package.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://www.github.com/jborean93/PSSPI/blob/main/docs/en-US/Get-SSPIPackage.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>EnumerateSecurityPackagesW</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-enumeratesecuritypackagesw</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>QuerySecurityPackageInfoW</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-querysecuritypackageinfow</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>SecPkgInfoW</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-secpkginfow</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" 
xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-ChannelBindingBuffer</command:name> <command:verb>New</command:verb> <command:noun>ChannelBindingBuffer</command:noun> <maml:description> <maml:para>Create channel binding structure for authentication.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Creates a security buffer that can be supplied when stepping through a security context that contains the channel binding data for a context.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-ChannelBindingBuffer</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Acceptor</maml:name> <maml:description> <maml:para>The acceptor address data. This is typically unused.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AcceptorAddrType</maml:name> <maml:description> <maml:para>The acceptor address type. 
This is typically unused.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ApplicationData</maml:name> <maml:description> <maml:para>The application data of the channel binding. The value here depends on the channel binding being used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Initiator</maml:name> <maml:description> <maml:para>The initiator address data. This is typically unused.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InitiatorAddrType</maml:name> <maml:description> <maml:para>The initiator address type. 
This is typically unused.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Acceptor</maml:name> <maml:description> <maml:para>The acceptor address data. This is typically unused.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AcceptorAddrType</maml:name> <maml:description> <maml:para>The acceptor address type. This is typically unused.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ApplicationData</maml:name> <maml:description> <maml:para>The application data of the channel binding. 
The value here depends on the channel binding being used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Initiator</maml:name> <maml:description> <maml:para>The initiator address data. This is typically unused.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InitiatorAddrType</maml:name> <maml:description> <maml:para>The initiator address type. This is typically unused.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>PSSPI.ChannelBindingBuffer</maml:name> </dev:type> <maml:description> <maml:para>The generated channel binding buffer. 
This object has the following properties:</maml:para> <maml:para>+ `InitiatorAddrType` - The initiator address type</maml:para> <maml:para>+ `Initiator` - The initiator address data</maml:para> <maml:para>+ `AcceptorAddrType` - The acceptor address type</maml:para> <maml:para>+ `Acceptor` - The acceptor address data</maml:para> <maml:para>+ `ApplicationData` - The application data</maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: Create channel binding with application data ---</maml:title> <dev:code>PS C:\> $cb = New-ChannelBindingBuffer -ApplicationData $byteArray</dev:code> <dev:remarks> <maml:para>Creates the channel binding buffer with `ApplicationData` set to the byte array passed in.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://www.github.com/jborean93/PSSPI/blob/main/docs/en-US/New-ChannelBindingBuffer.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>SEC_CHANNEL_BINDINGS</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-sec_channel_bindings</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-SecBuffer</command:name> <command:verb>New</command:verb> <command:noun>SecBuffer</command:noun> <maml:description> <maml:para>Create an SSPI security buffer</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Creates an SSPI security buffer that can be used for SSPI 
functions. This buffer is typically used for stepping through a new security context or encrypting/decrypting a message.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-SecBuffer</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Data</maml:name> <maml:description> <maml:para>The raw byte array of the data the buffer represents or `$null` to use a buffer that should be populated by Windows during an SSPI call.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Custom flags to set on the security buffer.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">NONE</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_READONLY_WITH_CHECKSUM</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_RESERVED</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_READONLY</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">SecBufferFlags</command:parameterValue> <dev:type> <maml:name>SecBufferFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Type</maml:name> 
<maml:description> <maml:para>The security buffer type that the data represents.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_EMPTY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_DATA</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_TOKEN</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_PKG_PARAMS</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_MISSING</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_EXTRA</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_STREAM_TRAILER</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_STREAM_HEADER</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_NEGOTIATION_INFO</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_PADDING</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_STREAM</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_MECHLIST</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_MECHLIST_SIGNATURE</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_TARGET</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_CHANNEL_BINDINGS</command:parameterValue> <command:parameterValue required="false" 
command:variableLength="false">SECBUFFER_CHANGE_PASS_RESPONSE</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_TARGET_HOST</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_ALERT</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_APPLICATION_PROTOCOLS</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_SRTP_PROTECTION_PROFILES</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_SRTP_MASTER_KEY_IDENTIFIER</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_TOKEN_BINDING</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_PRESHARED_KEY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECBUFFER_PRESHARED_KEY_IDENTITY</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">SecBufferType</command:parameterValue> <dev:type> <maml:name>SecBufferType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Data</maml:name> <maml:description> <maml:para>The raw byte array of the data the buffer represents or `$null` to use a buffer that should be populated by Windows during an SSPI call.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Byte[]</command:parameterValue> <dev:type> <maml:name>Byte[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> 
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Custom flags to set on the security buffer.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecBufferFlags</command:parameterValue> <dev:type> <maml:name>SecBufferFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>The security buffer type that the data represents.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecBufferType</command:parameterValue> <dev:type> <maml:name>SecBufferType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>PSSPI.SecurityBuffer</maml:name> </dev:type> <maml:description> <maml:para>An SSPI security buffer. 
This contains the following properties:</maml:para> <maml:para>+ `Type` - The security buffer type</maml:para> <maml:para>+ `Flags` - Flags for the security buffer</maml:para> <maml:para>+ `Length` - The length of populated data, will be the length of `Data` on creation but may be modified by a call to SSPI</maml:para> <maml:para>+ `Data` - The raw bytes of the buffer, or `$null` if the data is to be set by SSPI</maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Create token security buffer -----------</maml:title> <dev:code>PS C:\> New-SecBuffer -Type SECBUFFER_TOKEN -Data $byteArray</dev:code> <dev:remarks> <maml:para>Creates a security buffer that stores a token used with authentication. The `$byteArray` is a byte array from an external source.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 2: Create token security buffer with no user value --</maml:title> <dev:code>PS C:\> New-SecBuffer -Type SECBUFFER_TOKEN</dev:code> <dev:remarks> <maml:para>Creates an empty security buffer without any data present. 
This type of security buffer is useful when calling an API that will populate the data based on the operation it performs.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://www.github.com/jborean93/PSSPI/blob/main/docs/en-US/New-SecBuffer.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>SecBuffer</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-secbuffer</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-SecContext</command:name> <command:verb>New</command:verb> <command:noun>SecContext</command:noun> <maml:description> <maml:para>Creates an SSPI context.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Creates the initial SSPI context using an optional credential. This context needs to be stepped through to be usable and to produce the security tokens exchanged with a peer.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-SecContext</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:description> <maml:para>The SSPI credential created by Get-SSPICredential (./Get-SSPICredential.md) to use for the context. 
If omitted then the current user context will be used with the security context.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Credential</command:parameterValue> <dev:type> <maml:name>Credential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:description> <maml:para>The SSPI credential created by Get-SSPICredential (./Get-SSPICredential.md) to use for the context. If omitted then the current user context will be used with the security context.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Credential</command:parameterValue> <dev:type> <maml:name>Credential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>PSSPI.SecurityContext</maml:name> </dev:type> <maml:description> <maml:para>+ `Credential` - The credential associated with the context</maml:para> <maml:para>+ `SafeHandle` - The handle to the SSPI security context</maml:para> <maml:para>+ `Expiry` - The expiry of the security context</maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-- Example 1: Create a security context for the current user --</maml:title> <dev:code>PS C:\> $cred = Get-SSPICredential -Package Negotiate
PS C:\> $ctx = New-SecContext -Credential $cred</dev:code> <dev:remarks> <maml:para>Creates an SSPI context for the `Negotiate` provider using the user's current credentials.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://www.github.com/jborean93/PSSPI/blob/main/docs/en-US/New-SecContext.md</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-KdcProxy</command:name> <command:verb>Set</command:verb> <command:noun>KdcProxy</command:noun> <maml:description> <maml:para>Set the KDC proxy settings on an SSPI credential.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Sets the KDC proxy settings for a Kerberos exchange on the provided SSPI credential. This is used to either set a new proxy or override the global settings for Kerberos exchanges. 
This cmdlet will fail if the credential was created for a security provider that was not `Kerberos` or `Negotiate`.</maml:para> <maml:para>The proxy settings are used whenever the credential they were set on is used with a security context.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-KdcProxy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:description> <maml:para>The SSPI credential to set the proxy settings on.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Credential</command:parameterValue> <dev:type> <maml:name>Credential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ForceProxy</maml:name> <maml:description> <maml:para>Set the `KDC_PROXY_SETTINGS_FLAGS_FORCEPROXY` flag on the proxy settings. This forces SSPI to always use the proxy provided instead of only when the configured KDC was unreachable through normal means.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Server</maml:name> <maml:description> <maml:para>The proxy server to set. This should be in the format `hostname` or `hostname:port:path`. 
If only the hostname is set then Windows will automatically use the `port:path` of `443:KdcProxy`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. 
The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Credential</maml:name> <maml:description> <maml:para>The SSPI credential to set the proxy settings on.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Credential</command:parameterValue> <dev:type> <maml:name>Credential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ForceProxy</maml:name> <maml:description> <maml:para>Set the `KDC_PROXY_SETTINGS_FLAGS_FORCEPROXY` flag on the proxy settings. This forces SSPI to always use the proxy provided instead of only when the configured KDC was unreachable through normal means.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Server</maml:name> <maml:description> <maml:para>The proxy server to set. This should be in the format `hostname` or `hostname:port:path`. 
If only the hostname is set then Windows will automatically use the `port:path` of `443:KdcProxy`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. 
The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------- Example 1: Set the proxy for an SSPI credential -------</maml:title> <dev:code>PS C:\> $cred = Get-SSPICredential -Package Kerberos
PS C:\> Set-KdcProxy -Credential $cred -Server proxy-host</dev:code> <dev:remarks> <maml:para>Sets the KDC proxy to `proxy-host` for the provided SSPI credential.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://www.github.com/jborean93/PSSPI/blob/main/docs/en-US/Set-KdcProxy.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>SetCredentialsAttributesW</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-setcredentialsattributesw</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>SecPkgCredentials_KdcProxySettingsW</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-secpkgcredentials_kdcproxysettingsw</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" 
xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Step-AcceptSecContext</command:name> <command:verb>Step</command:verb> <command:noun>AcceptSecContext</command:noun> <maml:description> <maml:para>Steps through a client's security context exchange.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Performs an exchange of security tokens required for a server to authenticate a client. This is the first operation that should be performed on a security context and is required before the context can be used for other operations, like encryption.</maml:para> <maml:para>Because the number of calls required relies on the security provider being used, this function may need to be called multiple times. Check the `Result` value on the output object to see what needs to happen next. The following result values can be returned:</maml:para> <maml:para>+ `Ok` - The context is complete, no more stepping is required</maml:para> <maml:para>+ `CompleteAndContinue` - A call to `Complete-AuthToken` (TBD) is required and one final token from the peer should be passed to `Step-InitSecContext`</maml:para> <maml:para>+ `CompleteNeeded` - A call to `Complete-AuthToken` (TBD) is required</maml:para> <maml:para>+ `ContinueNeeded` - The output token should be exchanged with the peer and input passed back into `Step-InitSecContext`</maml:para> <maml:para>On the common security providers, NTLM, Kerberos, and Negotiate, the `Ok` and `ContinueNeeded` responses are expected.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Step-AcceptSecContext</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Context</maml:name> <maml:description> <maml:para>The SSPI security context 
created with `New-SecContext`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecurityContext</command:parameterValue> <dev:type> <maml:name>SecurityContext</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextReq</maml:name> <maml:description> <maml:para>Request options to use when creating the context. Some options only work for certain security providers. Requesting one of these options isn't guaranteed to be set once the context is complete, check the `Flags` value on the output result to verify the requested options were set on the context.</maml:para> <maml:para>The `ASC_REQ_ALLOCATE_MEMORY` flag should be set if the output buffers need to be allocated by SSPI.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">NONE</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_DELEGATE</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_MUTUAL_AUTH</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_REPLAY_DETECT</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_SEQUENCE_DETECT</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_CONFIDENTIALITY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_USE_SESSION_KEY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_SESSION_TICKET</command:parameterValue> <command:parameterValue required="false" 
command:variableLength="false">ASC_REQ_ALLOCATE_MEMORY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_USE_DCE_STYLE</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_DATAGRAM</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_CONNECTION</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_CALL_LEVEL</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_FRAGMENT_SUPPLIED</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_EXTENDED_ERROR</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_STREAM</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_INTEGRITY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_LICENSING</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_IDENTIFY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_ALLOW_NULL_SESSION</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_ALLOW_NON_USER_LOGONS</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_ALLOW_CONTEXT_REPLAY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_FRAGMENT_TO_FIT</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_NO_TOKEN</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ASC_REQ_PROXY_BINDINGS</command:parameterValue> <command:parameterValue 
required="false" command:variableLength="false">ASC_REQ_ALLOW_MISSING_BINDINGS</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">AcceptorContextRequestFlags</command:parameterValue> <dev:type> <maml:name>AcceptorContextRequestFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NONE</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InputBuffer</maml:name> <maml:description> <maml:para>The security buffers to use as the input to the stepping call. This can be specified in 3 different ways</maml:para> <maml:para>+ A byte array which is used as a `SECBUFFER_TOKEN` input buffer</maml:para> <maml:para>+ A class that implements `ISecBuffer` that can be generated by `New-SecBuffer` or `New-ChannelBindingBuffer`</maml:para> <maml:para>+ A sec buffer type that generates an empty/null buffer for that type</maml:para> <maml:para>The input buffers that are required are dependent on the SSPI security provider being called.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ISecBuffer[]</command:parameterValue> <dev:type> <maml:name>ISecBuffer[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OutputBuffer</maml:name> <maml:description> <maml:para>The security buffers to use as the output to the stepping call. 
This can be specified in 3 different ways</maml:para> <maml:para>+ A byte array which is used as a `SECBUFFER_TOKEN` input buffer</maml:para> <maml:para>+ A class that implements `ISecBuffer` that can be generated by `New-SecBuffer` or `New-ChannelBindingBuffer`</maml:para> <maml:para>+ A sec buffer type that generates an empty/null buffer for that type</maml:para> <maml:para>When using the sec buffer type value, the context requirement flag `ASC_REQ_ALLOCATE_MEMORY` should be set which has SSPI allocate the memory for the output generated. Otherwise a pre-allocated byte array should be specified for any output buffers needed. Pre-allocated byte arrays should be large enough to contain the data that is needed.</maml:para> <maml:para>The output buffers specified are used directly by SSPI so the input byte value may be mutated as it is. The return value also contains the `Buffers` property which is another reference to the output buffers that were used with SSPI.</maml:para> <maml:para>The output buffers used are dependent on the SSPI security provider being called.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ISecBuffer[]</command:parameterValue> <dev:type> <maml:name>ISecBuffer[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TargetDataRep</maml:name> <maml:description> <maml:para>Controls how the output buffer data is to be aligned.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">SECURITY_NETWORK_DREP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECURITY_NATIVE_DREP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" 
variableLength="false">TargetDataRep</command:parameterValue> <dev:type> <maml:name>TargetDataRep</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>SECURITY_NATIVE_DREP</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Context</maml:name> <maml:description> <maml:para>The SSPI security context created with `New-SecContext`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecurityContext</command:parameterValue> <dev:type> <maml:name>SecurityContext</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextReq</maml:name> <maml:description> <maml:para>Request options to use when creating the context. Some options only work for certain security providers. Requesting one of these options isn't guaranteed to be set once the context is complete, check the `Flags` value on the output result to verify the requested options were set on the context.</maml:para> <maml:para>The `ASC_REQ_ALLOCATE_MEMORY` flag should be set if the output buffers need to be allocated by SSPI.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">AcceptorContextRequestFlags</command:parameterValue> <dev:type> <maml:name>AcceptorContextRequestFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NONE</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InputBuffer</maml:name> <maml:description> <maml:para>The security buffers to use as the input to the stepping call. 
This can be specified in 3 different ways</maml:para> <maml:para>+ A byte array which is used as a `SECBUFFER_TOKEN` input buffer</maml:para> <maml:para>+ A class that implements `ISecBuffer` that can be generated by `New-SecBuffer` or `New-ChannelBindingBuffer`</maml:para> <maml:para>+ A sec buffer type that generates an empty/null buffer for that type</maml:para> <maml:para>The input buffers that are required are dependent on the SSPI security provider being called.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ISecBuffer[]</command:parameterValue> <dev:type> <maml:name>ISecBuffer[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OutputBuffer</maml:name> <maml:description> <maml:para>The security buffers to use as the output to the stepping call. This can be specified in 3 different ways</maml:para> <maml:para>+ A byte array which is used as a `SECBUFFER_TOKEN` input buffer</maml:para> <maml:para>+ A class that implements `ISecBuffer` that can be generated by `New-SecBuffer` or `New-ChannelBindingBuffer`</maml:para> <maml:para>+ A sec buffer type that generates an empty/null buffer for that type</maml:para> <maml:para>When using the sec buffer type value, the context requirement flag `ASC_REQ_ALLOCATE_MEMORY` should be set which has SSPI allocate the memory for the output generated. Otherwise a pre-allocated byte array should be specified for any output buffers needed. Pre-allocated byte arrays should be large enough to contain the data that is needed.</maml:para> <maml:para>The output buffers specified are used directly by SSPI so the input byte value may be mutated as it is. 
The return value also contains the `Buffers` property which is another reference to the output buffers that were used with SSPI.</maml:para> <maml:para>The output buffers used are dependent on the SSPI security provider being called.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ISecBuffer[]</command:parameterValue> <dev:type> <maml:name>ISecBuffer[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TargetDataRep</maml:name> <maml:description> <maml:para>Controls how the output buffer data is to be aligned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">TargetDataRep</command:parameterValue> <dev:type> <maml:name>TargetDataRep</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>SECURITY_NATIVE_DREP</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>PSSPI.AcceptResult</maml:name> </dev:type> <maml:description> <maml:para>The result from the accept call. 
This object contains the following properties:</maml:para> <maml:para>+ `Result` - The current status of the stepping call, use this to determine what the next step should be</maml:para> <maml:para>+ `Buffers` - The output buffers from the stepping call, the buffer types correspond to the `-OutputBuffer` values specified</maml:para> <maml:para>+ `Flags` - The context attributes, these should be ignored until `Result` is `Ok`</maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------- Example 1: Set up a Kerberos security context --------</maml:title> <dev:code>PS C:\> $cred = Get-SSPICredential -Package Kerberos -CredentialUse SECPKG_CRED_INBOUND
PS C:\> $ctx = New-SecContext -Credential $cred
PS C:\> $inToken = Receive-SecToken -Client client.domain.com
PS C:\> $res = Step-AcceptSecContext -Context $ctx -InputBuffer $inToken -OutputBuffer SECBUFFER_TOKEN -ContextReq ASC_REQ_ALLOCATE_MEMORY
PS C:\> if ($res.Buffers) {
...     Send-SecToken -Client client.domain.com -Data $res.Buffers[0].Data
... }
PS C:\> "done"</dev:code> <dev:remarks> <maml:para>Creates a server context for Kerberos and exchanges the tokens with the client. 
The code also optionally sends the output token to the client if there was one for mutual authentication.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://www.github.com/jborean93/PSSPI/blob/main/docs/en-US/Step-AcceptSecContext.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>AcceptSecurityContext</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-acceptsecuritycontext</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Step-InitSecContext</command:name> <command:verb>Step</command:verb> <command:noun>InitSecContext</command:noun> <maml:description> <maml:para>Steps through a client's security context exchange.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Performs an exchange of security tokens required to set up a security context. This is the first operation that should be performed on a security context and is required before the context can be used for other operations, like encryption.</maml:para> <maml:para>Because the number of calls required relies on the security provider being used, this function may need to be called multiple times. Check the `Result` value on the output object to see what needs to happen next. 
The following result values can be returned:</maml:para> <maml:para>+ `Ok` - The context is complete, no more stepping is required</maml:para> <maml:para>+ `CompleteAndContinue` - A call to `Complete-AuthToken` (TBD) is required and one final token from the peer should be passed to `Step-InitSecContext`</maml:para> <maml:para>+ `CompleteNeeded` - A call to `Complete-AuthToken` (TBD) is required</maml:para> <maml:para>+ `ContinueNeeded` - The output token should be exchanged with the peer and input passed back into `Step-InitSecContext`</maml:para> <maml:para>On the common security providers, NTLM, Kerberos, and Negotiate, the `Ok` and `ContinueNeeded` responses are expected.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Step-InitSecContext</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Context</maml:name> <maml:description> <maml:para>The SSPI security context created with `New-SecContext`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecurityContext</command:parameterValue> <dev:type> <maml:name>SecurityContext</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Target</maml:name> <maml:description> <maml:para>The service target name the client is authenticating against. The value that should be used here depends on the SSPI security provider being called. For `NTLM`, `Kerberos`, `Negotiate` this should be the Service Principal Name (`SPN`). 
For Schannel this is typically the server name used to validate the certificate.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextReq</maml:name> <maml:description> <maml:para>Request options to use when creating the context. Some options only work for certain security providers. A requested option isn't guaranteed to be set once the context is complete; check the `Flags` value on the output result to verify the requested options were set on the context.</maml:para> <maml:para>The `ISC_REQ_ALLOCATE_MEMORY` flag should be set if the output buffers need to be allocated by SSPI.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">NONE</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_DELEGATE</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_MUTUAL_AUTH</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_REPLAY_DETECT</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_SEQUENCE_DETECT</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_CONFIDENTIALITY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_USE_SESSION_KEY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_PROMPT_FOR_CREDS</command:parameterValue> <command:parameterValue required="false" 
command:variableLength="false">ISC_REQ_USE_SUPPLIED_CREDS</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_ALLOCATE_MEMORY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_USE_DCE_STYLE</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_DATAGRAM</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_CONNECTION</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_CALL_LEVEL</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_FRAGMENT_SUPPLIED</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_EXTENDED_ERROR</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_STREAM</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_INTEGRITY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_IDENTIFY</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_NULL_SESSION</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_MANUAL_CRED_VALIDATION</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_RESERVED1</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_FRAGMENT_TO_FIT</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_FORWARD_CREDENTIALS</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_NO_INTEGRITY</command:parameterValue> 
<command:parameterValue required="false" command:variableLength="false">ISC_REQ_USE_HTTP_STYLE</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_UNVERIFIED_TARGET_NAME</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ISC_REQ_CONFIDENTIALITY_ONLY</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">InitiatorContextRequestFlags</command:parameterValue> <dev:type> <maml:name>InitiatorContextRequestFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NONE</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InputBuffer</maml:name> <maml:description> <maml:para>The security buffers to use as the input to the stepping call. This can be specified in 3 different ways:</maml:para> <maml:para>+ A byte array which is used as a `SECBUFFER_TOKEN` input buffer</maml:para> <maml:para>+ A class that implements `ISecBuffer` that can be generated by `New-SecBuffer` or `New-ChannelBindingBuffer`</maml:para> <maml:para>+ A sec buffer type that generates an empty/null buffer for that type</maml:para> <maml:para>The input buffers that are required are dependent on the SSPI security provider being called.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ISecBuffer[]</command:parameterValue> <dev:type> <maml:name>ISecBuffer[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OutputBuffer</maml:name> <maml:description> <maml:para>The security buffers to use as the output to the stepping call. 
This can be specified in 3 different ways:</maml:para> <maml:para>+ A byte array which is used as a `SECBUFFER_TOKEN` input buffer</maml:para> <maml:para>+ A class that implements `ISecBuffer` that can be generated by `New-SecBuffer` or `New-ChannelBindingBuffer`</maml:para> <maml:para>+ A sec buffer type that generates an empty/null buffer for that type</maml:para> <maml:para>When using the sec buffer type value, the context requirement flag `ISC_REQ_ALLOCATE_MEMORY` should be set, which has SSPI allocate the memory for the output generated. Otherwise a pre-allocated byte array should be specified for any output buffers needed. Pre-allocated byte arrays should be large enough to contain the data that is needed.</maml:para> <maml:para>The output buffers specified are used directly by SSPI, so the byte array passed in may be mutated in place. The return value also contains the `Buffers` property which is another reference to the output buffers that were used with SSPI.</maml:para> <maml:para>The output buffers used are dependent on the SSPI security provider being called.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ISecBuffer[]</command:parameterValue> <dev:type> <maml:name>ISecBuffer[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TargetDataRep</maml:name> <maml:description> <maml:para>Controls how the output buffer data is to be aligned.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">SECURITY_NETWORK_DREP</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SECURITY_NATIVE_DREP</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" 
variableLength="false">TargetDataRep</command:parameterValue> <dev:type> <maml:name>TargetDataRep</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>SECURITY_NATIVE_DREP</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Context</maml:name> <maml:description> <maml:para>The SSPI security context created with `New-SecContext`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecurityContext</command:parameterValue> <dev:type> <maml:name>SecurityContext</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextReq</maml:name> <maml:description> <maml:para>Request options to use when creating the context. Some options only work for certain security providers. A requested option isn't guaranteed to be set once the context is complete; check the `Flags` value on the output result to verify the requested options were set on the context.</maml:para> <maml:para>The `ISC_REQ_ALLOCATE_MEMORY` flag should be set if the output buffers need to be allocated by SSPI.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">InitiatorContextRequestFlags</command:parameterValue> <dev:type> <maml:name>InitiatorContextRequestFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NONE</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InputBuffer</maml:name> <maml:description> <maml:para>The security buffers to use as the input to the stepping call. 
This can be specified in 3 different ways:</maml:para> <maml:para>+ A byte array which is used as a `SECBUFFER_TOKEN` input buffer</maml:para> <maml:para>+ A class that implements `ISecBuffer` that can be generated by `New-SecBuffer` or `New-ChannelBindingBuffer`</maml:para> <maml:para>+ A sec buffer type that generates an empty/null buffer for that type</maml:para> <maml:para>The input buffers that are required are dependent on the SSPI security provider being called.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ISecBuffer[]</command:parameterValue> <dev:type> <maml:name>ISecBuffer[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OutputBuffer</maml:name> <maml:description> <maml:para>The security buffers to use as the output to the stepping call. This can be specified in 3 different ways:</maml:para> <maml:para>+ A byte array which is used as a `SECBUFFER_TOKEN` input buffer</maml:para> <maml:para>+ A class that implements `ISecBuffer` that can be generated by `New-SecBuffer` or `New-ChannelBindingBuffer`</maml:para> <maml:para>+ A sec buffer type that generates an empty/null buffer for that type</maml:para> <maml:para>When using the sec buffer type value, the context requirement flag `ISC_REQ_ALLOCATE_MEMORY` should be set, which has SSPI allocate the memory for the output generated. Otherwise a pre-allocated byte array should be specified for any output buffers needed. Pre-allocated byte arrays should be large enough to contain the data that is needed.</maml:para> <maml:para>The output buffers specified are used directly by SSPI, so the byte array passed in may be mutated in place. 
The return value also contains the `Buffers` property which is another reference to the output buffers that were used with SSPI.</maml:para> <maml:para>The output buffers used are dependent on the SSPI security provider being called.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ISecBuffer[]</command:parameterValue> <dev:type> <maml:name>ISecBuffer[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Target</maml:name> <maml:description> <maml:para>The service target name the client is authenticating against. The value that should be used here depends on the SSPI security provider being called. For `NTLM`, `Kerberos`, `Negotiate` this should be the Service Principal Name (`SPN`). For Schannel this is typically the server name used to validate the certificate.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TargetDataRep</maml:name> <maml:description> <maml:para>Controls how the output buffer data is to be aligned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">TargetDataRep</command:parameterValue> <dev:type> <maml:name>TargetDataRep</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>SECURITY_NATIVE_DREP</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> 
</command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>PSSPI.InitializeResult</maml:name> </dev:type> <maml:description> <maml:para>The result from the initialize call. This object contains the following properties:</maml:para> <maml:para>+ `Result` - The current status of the stepping call; use this to determine what the next step should be</maml:para> <maml:para>+ `Buffers` - The output buffers from the stepping call; the buffer types correspond to the `-OutputBuffer` values specified</maml:para> <maml:para>+ `Flags` - The context attributes; these should be ignored until `Result` is `Ok`</maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------- Example 1: Set up a Kerberos security context --------</maml:title> <dev:code>PS C:\> $spn = "host/server.domain.com"
PS C:\> $ctx = New-SecContext -Credential (Get-SSPICredential -Package Kerberos)
PS C:\> $res = Step-InitSecContext -Context $ctx -Target $spn -OutputBuffer SECBUFFER_TOKEN -ContextReq ISC_REQ_ALLOCATE_MEMORY
PS C:\> Send-SecToken -Server server.domain.com -Data $res.Buffers[0].Data
PS C:\> $inToken = Receive-SecToken -Server server.domain.com
PS C:\> if ($inToken) {
...     $null = Step-InitSecContext -Context $ctx -Target $spn -InputBuffer $inToken
... }
PS C:\> "done"</dev:code> <dev:remarks> <maml:para>Creates a client context for Kerberos and exchanges the tokens with the server. 
The code also optionally processes the input token from the server if there was one for mutual authentication.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://www.github.com/jborean93/PSSPI/blob/main/docs/en-US/Step-InitSecContext.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>InitializeSecurityContext</maml:linkText> <maml:uri>https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-initializesecuritycontextw</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> </helpItems>