These services are to allow an NP to store authentication information, including passwords, in a persistent and secure store. This store is encrypted using the system logon user name and password. When a successful system logon has occurred, the password cache is available for use by NPs and applications.
There is a system configuration switch which disables password caching, for those sites which do not want it for extra security. An NP can also indicate that it does not want its passwords persistently cached, again for extra security. In both of these cases, the password caching subsystem will still store passwords in memory, but will not write them to disk.
For complete details on the password caching APIs, see the Windows for Workgroups SDK documentation. The changes to the APIs are as follows:
The WNetCachePassword API accepts an additional parameter which indicates whether the password should be permanent (i.e., written to disk).
The WNetEnumCachedPasswords API accepts an additional DWORD parameter which is application-defined. This parameter is passed to the enumeration callback function along with the entry being enumerated.