Network security technology is developing rapidly recently,
security application software must be easily developed and configured.
In the UNIX world, the Pluggable Authentication Module (a.k.a. PAM) is recognized
as a powerful tool that provides flexibility and ease of development to security
application software. In Windows NT, it is hard to develop a user authentication
system because parts of the user logon program are embedded in the Windows NT
operating system and cannot be modified by software developers. Our
research goal is to provide flexibility and ease of development to Windows
NT authentication system. We achieved this by adding PAM-like pluggable
authentication modules to a GINA, the NT authentication module.
Our PAM-like GINA module is called "NI_PAM"
NI_PAM contains following modules:
-
NI_PAM: Central part to implement PAM in Windows NT.
NI_PAM reads a configuration table to specify its behavior.
-
NI_GINA: GINA works with NI_PAM. NI_GINA replaces
Microsoft GINA.
-
NP specific modules: A module to support specific
network providers. Kerberos 4, Kerberos 5, Netware, and Smart Card
(CyberFlex JavaCard) authentication module are the examples of Network
Providers we support.
All modules are implemented as independent DLLs. Since each module
is developed independently from each other, development cost of Windows
NT logon application is greatly reduced.
Kerberos 4, Kerberos 5, Netware, and
Smart Card (CyberFlex JavaCard)
authentication module are the examples of Network Providers we support.
