Slashdot Mirror

← Back to Stories (view on slashdot.org)

Authenticate Your Windows Clients Against... Anything

Posted by timothy on from the except-the-hair-on-their-chinny-chin-chin dept.

Nathan Yocom writes: "pGina is a GPL'd extension for the authentication portion of Windows 2000/XP. Why replace that portion of the OS? Because we don't like being forced to have a Windows server around just for user authentication. So pGina uses plugins to achieve modularity. This allows for user authentication via ANY number of means, both existing and future. For instance, there is already some work being done on an LDAP plugin, a SMB plugin, an SSH plugin and others (SQL, Kerberos, etc). For those who aren't developers it is easy to install, and for those who are developers, a simple yet powerful plugin SDK makes it easy to develop plugins. (Technically pGina should work in NT 4 as well, but we have NOT tested it)"

2 of 37 comments (clear)

  1. Cool tool, but not new by dhopton · · Score: 3, Informative

    Windows NT has been able to authenticate a number of servers since day one. Novell is just one of those that it can. How does it do this? Using this interface - as somone else pointed, the replaceable authentication dll etc is documented and is on MSDN.

    pGina is cool thanks to it's plugin interface - it seems to make things a lot easyer.

    BTW, there is already a virus that gets in, and replaces your MS gina with it's own, so it looks and works like normal but collects passwords.

  2. Re:Even if replacing OS components doesn't . . . by Anonymous Coward · · Score: 2, Informative

    You mean like this? Microsoft overview on GINAs.

    There are _many_ companies that have written their own GINAs to provide alternate authentication methods, such as biometric, voice, and hardware tokens.

    A quick search only turned up a couple thousand entries.

    The only thing even remotely interesting about pGINA is that it allows multiple authentication paths via its plugin architecture, and even that is nothing to get overly excited about since the GINA itself is a plugin to winlogon.exe. I'd be more impressed if it worked with Win9x since I have yet to find a documented means of replacing the logon mechanisms for those operating systems.

    It should be noted that there are _very large_ companies that are using hardware tokens and they would be _very_ pissed if Microsoft decided to replace their custom GINAs out of the blue.