Authenticate Your Windows Clients Against... Anything

← Back to Stories (view on slashdot.org)

Authenticate Your Windows Clients Against... Anything

Posted by timothy on Sunday April 14, 2002 @01:21AM from the except-the-hair-on-their-chinny-chin-chin dept.

Nathan Yocom writes: "pGina is a GPL'd extension for the authentication portion of Windows 2000/XP. Why replace that portion of the OS? Because we don't like being forced to have a Windows server around just for user authentication. So pGina uses plugins to achieve modularity. This allows for user authentication via ANY number of means, both existing and future. For instance, there is already some work being done on an LDAP plugin, a SMB plugin, an SSH plugin and others (SQL, Kerberos, etc). For those who aren't developers it is easy to install, and for those who are developers, a simple yet powerful plugin SDK makes it easy to develop plugins. (Technically pGina should work in NT 4 as well, but we have NOT tested it)"

4 of 37 comments (clear)

Min score:

Reason:

Sort:

Even if replacing OS components doesn't . . . by Anonynnous+Coward · 2002-04-14 01:41 · Score: 3, Interesting

. . . violate the EULA, Microsoft is free to modify the software on a running Windows installation. I'm sure that changes to the authentication code would be something Microsoft could easily "fix" with Windows Update, or some other more sneaky, nefarious means (now that they legally can) of "updating" the code on your box.
If I wanted to choose your authentication mechanism, I'd stick with OSS with no back-doors for "maintenance" or "updates."
1. Re:Even if replacing OS components doesn't . . . by maxume · 2002-04-14 03:31 · Score: 2, Interesting
  
  Did you see the quote from MSDN where it talks about microsoft actually providing some of the functionality needed to get this done?
  
  here it is, taken from the info page in the story link:
  
  "... is a replaceable DLL component that is loaded by the Winlogon executable. The GINA implements the authentication policy of the interactive logon model and is expected to perform all identification and authentication user interactions." (MSDN)
  
  So microsoft says it is replacable, probably because they think that it is something that people might want to replace...
  
  The above comment really isn't that interesting, is it?
  
  --
  Nerd rage is the funniest rage.
Very cool by Webmonger · 2002-04-14 03:02 · Score: 3, Interesting

This looks like very useful software, if it works as advertised. Where I work, we have an entire Win2k server whose only purpose is providing authentication. For us, this could be the missing link.

It seems like an alternative to the Samba TNG project. Where SMBTNG is working to create Open Source Domain Controllers that run under Unix, pGina makes Domain Controllers irrelevent by allowing Win2k to use Open Source *nix authentication methods.

I have to think though, that pGina is probably far simpler to implement than Samba TNG.
Bad, but probably not the worst. by Futurepower(R) · 2002-04-14 06:30 · Score: 1, Interesting

He's right. Why do open source authors pick self-defeating names?

Probably because it takes a lot of effort to think of a really good name.

My recent favorite poorly chosen name is Killustrator. The name created an international incident, and the author was forced to change it.

So, what would be a good name? You could call it Open GINA, but GINA sounds like a woman's name. Gnu GINA? WhoAreYou? OurGINA? FreeGINA? No, people would joke that it was prostitution. Tacoma ID? OpenID?

A good name would make prospective users think of the purpose, rather than of an obscure acronym. So maybe OpenID is good.