PTC MKS Toolkit Knowledge Base

Product:MKS Toolkit (TKPDev/TKEDev)
Keywords:validate, password, fail, error
Category:Porting/Knowledge Base

What is the cause of _NutValidatePassword() failing, returning errno 13, permission denied?

The underlying Win32 function which implements this routine, LogonUser, requires SE_TCB_NAME privilege. (TCB is an acronym for Trusted Computer Base) In the UserManager application, this privilege is called Act as part of the operating system.

For _NutValidatePassword to succeed, a user must have the SE_TCB_NAME privilege in the domain that he is querying. The errno setting of 13 is a translation of the Win32 error, ERROR_PRIVILEGE_NOT_HELD.

This is a security feature. Without this control, it would be much simpler for a malicious user to mount dictionary attacks against your system. To get the _NuTValidatePassword function to work, you need to assign the SE_TCB_NAME privilege to users or groups that need to have it.