Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

Authenticate Your Windows Clients Against... Anything 37

Nathan Yocom writes: "pGina is a GPL'd extension for the authentication portion of Windows 2000/XP. Why replace that portion of the OS? Because we don't like being forced to have a Windows server around just for user authentication. So pGina uses plugins to achieve modularity. This allows for user authentication via ANY number of means, both existing and future. For instance, there is already some work being done on an LDAP plugin, a SMB plugin, an SSH plugin and others (SQL, Kerberos, etc). For those who aren't developers it is easy to install, and for those who are developers, a simple yet powerful plugin SDK makes it easy to develop plugins. (Technically pGina should work in NT 4 as well, but we have NOT tested it)"
This discussion has been archived. No new comments can be posted.

Authenticate Your Windows Clients Against... Anything

Comments Filter:
  • . . . if you had control of some desktops in your organization, and would like to, say, replace the domain authentication for access to local files with a little something of your own, in case you, uh, needed access to those files later, like, say, uh, after you were terminated?
    • Access to local files after termination can be gained through using a ntfs filesystem driver such as is found in Linux.

      Many Windows shops restrict users from admin rights on their NT boxes. Your own MSGINA DLL is useful to log you on as a *Localhost\Administrator on your machine during the time period _prior_ to your termination.
  • by Anonynnous Coward ( 557984 ) on Sunday April 14, 2002 @08:41AM (#3338738)
    . . . violate the EULA, Microsoft is free [slashdot.org] to modify the software on a running Windows installation. I'm sure that changes to the authentication code would be something Microsoft could easily "fix" with Windows Update, or some other more sneaky, nefarious means (now that they legally can) of "updating" the code on your box.

    If I wanted to choose your authentication mechanism, I'd stick with OSS with no back-doors for "maintenance" or "updates."

    • Did you see the quote from MSDN where it talks about microsoft actually providing some of the functionality needed to get this done?

      here it is, taken from the info page in the story link:

      "... is a replaceable DLL component that is loaded by the Winlogon executable. The GINA implements the authentication policy of the interactive logon model and is expected to perform all identification and authentication user interactions." (MSDN)

      So microsoft says it is replacable, probably because they think that it is something that people might want to replace...

      The above comment really isn't that interesting, is it?
  • by Anonymous Coward
    You must weigh at least 300 lbs to operate this machine please consume more food to obtain root at 450 lbs!!!!
  • Very cool (Score:3, Interesting)

    by Webmonger ( 24302 ) on Sunday April 14, 2002 @10:02AM (#3338896) Homepage
    This looks like very useful software, if it works as advertised. Where I work, we have an entire Win2k server whose only purpose is providing authentication. For us, this could be the missing link.

    It seems like an alternative to the Samba TNG project. Where SMBTNG is working to create Open Source Domain Controllers that run under Unix, pGina makes Domain Controllers irrelevent by allowing Win2k to use Open Source *nix authentication methods.

    I have to think though, that pGina is probably far simpler to implement than Samba TNG.
    • Exactly right. It has been the missing link for us as well (the CSCE Dept itself, http://www.cs.plu.edu) as we now use it for LDAP authentication. Hope you find it useful, drop me a note if you have any questions!
    • Its all relative.

      I've done a heap of work on nisgina 2000
      (see nisgina.deakin.edu.au)

      we use it in our teaching labs (approx 1000 machines)
      and it works fine.

      I wouldn't put in onstaff machines though its fairly invasive in the way it works.

      Domain controllers are simpler to use, you just need to sync the passwords from your unix hosts, which we have now done.
  • by Otter ( 3800 ) on Sunday April 14, 2002 @10:32AM (#3338967) Journal
    This is a great project but pGina is an absolutely godawful name. It sounds like the developers were watching the "Mulva" episode of Seinfeld [geocities.com] when they came up with the name.

    I'm surprised they're from an English-speaking country.

  • by dhopton ( 252883 ) on Sunday April 14, 2002 @11:44AM (#3339186)
    Windows NT has been able to authenticate a number of servers since day one. Novell is just one of those that it can. How does it do this? Using this interface - as somone else pointed, the replaceable authentication dll etc is documented and is on MSDN.

    pGina is cool thanks to it's plugin interface - it seems to make things a lot easyer.

    BTW, there is already a virus that gets in, and replaces your MS gina with it's own, so it looks and works like normal but collects passwords.
    • not new - just modular. There are replacement GINA's that do different methods of authentication - but they are hardcoded - the plugin architecture of pGina allows for these and other past + new protocols.

Order and simplification are the first steps toward mastery of a subject -- the actual enemy is the unknown. -- Thomas Mann

Working...