You're probably aware that Windows Graphical Identification and Authentication (GINA) DLL is the interface used for logons during user authentication. You might also be aware that you can install a GINA replacement if you need to use nonstandard authentication methods or to integrate additional authentication types, such as a fingerprint logon system.
It's probably not wise to replace GINA unless you really need to because doing so could weaken both your system and network security. But in some cases, that might not matter to you as much as the management headache that you'd incur if you didn't replace GINA.
Some vendors--particularly those that make alternative authentication systems--offer GINA replacements to help integrate their products into a Windows platform. But there are undoubtedly some network architectures in which you'd really like to a have a GINA replacement, yet haven't found anything suitable that can address all your needs.
Recently in SecurityFocus's Focus-MS mailing list, someone mentioned an open-source GINA replacement, pGina, that seems like it could be helpful to those with diverse authentication needs. pGina, from XPA Systems, is unique in that it uses a plug-in architecture that lets you add just about any kind of authentication mechanism you can imagine. If there isn't a plug-in that meets your needs, then you can use the source code to develop one or have someone develop a plug-in for you. Depending on your needs and network architecture, pGina might let you centralize all your user credentials, which could save a lot of time and effort in management. http://pgina.xpasystems.com/info
Numerous plug-ins are already available for pGina. For example, the Remote Authentication Dial-in User Service (RADIUS) plug-in lets you authenticate users to any RADIUS server. The ACE plug-in lets you use RSA Security's RSA SecureID two-factor authentication system for Windows logons--although last I heard, RSA does offer its own GINA replacement. Another interesting plug-in works with MySQL open-source database servers, which could be used to store user credentials. Yet another plug-in works with the Bluesocket architecture, which is very useful for authenticating mobile users. There are also plug-ins for Network Information Service (NIS) servers, Lightweight Directory Access Protocol (LDAP) servers, OpenAFS (based on the Andrew File System), and more.
GINA replacements are also available from other sources. FrontMotion sells source code to a GINA replacement that supports most versions of Windows and includes domain support and Active Directory (AD) support. Doug Scoular offers a free GINA replacement that helps integrate Windows with Unix or Linux platforms by using FTP as an authentication mechanism. Deakin University offers free GINA source code that can be used to authenticate with NIS servers. http://www.frontmotion.com/products.htm http://www.arch.usyd.edu.au/~doug/gina.html http://nisgina.deakin.edu.au
