The login API communicates with the security server to establish, and possibly change, a principal's login context. A login context contains the information necessary for a principal to qualify for (although not necessarily be granted) access to network services and possibly local resources as well. Login context information normally includes the following:
· Identity information concerning the principal, including its certificate of identity (in shared-secret authentication, this is the TGT), its PAC, and registry policy information such as the maximum lifetime of certificates of identity.
· The context state; that is, whether the authentication service has validated the context or not.
· The source of authentication information. (It may originate from the network authentication service, or locally, if that network service is unavailable.)