
Security UPDATE--In Focus: pGina Open Source GINA Replacement--March 30, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Free Info Kit on Automating Patch Management

New NetOp Remote Control v 8.0


1. In Focus: pGina Open Source GINA Replacement

2. Security News and Features

- Recent Security Vulnerabilities

- Altiris to Acquire Pedestal Software

- BMC Acquires OpenNetwork

- Consolidated Security Event IDs in Windows 2003

3. Security Toolkit

- Security Matters Blog


- Security Forum Featured Thread

4. New and Improved

- Encryption with Two-Factor Authentication


==== Sponsor: PatchLink====

Free Info Kit on Automating Patch Management

Now, in a free information kit, learn how easily you can identify, deploy, and maintain patches critical to the security and availability of your network. You'll also discover how you can maintain bulletproof security -- against a range of threats -- at every network endpoint. This information-packed kit, from the pros at PatchLink, also shows you how to reduce IT workload by automating the installation of critical patches while being confident that all installed patches are pre-tested -- without having to do the testing. Click here to get your Free "Automating Patch Management" Kit now, and learn how to ease one of your biggest IT burdens. Download your Free Kit at:


==== 1. In Focus: pGina Open Source GINA Replacement ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You're probably aware that the Windows Graphical Identification and Authentication (GINA) DLL is the interface used for logons during user authentication. You might also be aware that you can install a GINA replacement if you need to use nonstandard authentication methods or to integrate additional authentication types, such as a fingerprint logon system.

It's probably not wise to replace GINA unless you really need to because doing so could weaken both your system and network security. But in some cases, that might not matter to you as much as the management headache that you'd incur if you didn't replace GINA.

Some vendors--particularly those that make alternative authentication systems--offer GINA replacements to help integrate their products into a Windows platform. But there are undoubtedly some network architectures in which you'd really like to have a GINA replacement, yet haven't found anything suitable that can address all your needs.

Recently in SecurityFocus's Focus-MS mailing list, someone mentioned an open-source GINA replacement, pGina, that seems like it could be helpful to those with diverse authentication needs. pGina, from XPA Systems, is unique in that it uses a plug-in architecture that lets you add just about any kind of authentication mechanism you can imagine. If there isn't a plug-in that meets your needs, then you can use the source code to develop one or have someone develop a plug-in for you. Depending on your needs and network architecture, pGina might let you centralize all your user credentials, which could save a lot of time and effort in management.

Numerous plug-ins are already available for pGina. For example, the Remote Authentication Dial-in User Service (RADIUS) plug-in lets you authenticate users to any RADIUS server. The ACE plug-in lets you use RSA Security's RSA SecurID two-factor authentication system for Windows logons--although last I heard, RSA does offer its own GINA replacement. Another interesting plug-in works with MySQL open-source database servers, which could be used to store user credentials. Yet another plug-in works with the Bluesocket architecture, which is very useful for authenticating mobile users. There are also plug-ins for Network Information Service (NIS) servers, Lightweight Directory Access Protocol (LDAP) servers, OpenAFS (based on the Andrew File System), and more.

GINA replacements are also available from other sources. FrontMotion sells source code to a GINA replacement that supports most versions of Windows and includes domain support and Active Directory (AD) support. Doug Scoular offers a free GINA replacement that helps integrate Windows with Unix or Linux platforms by using FTP as an authentication mechanism. Deakin University offers free GINA source code that can be used to authenticate with NIS servers.


==== Sponsor: CrossTec ====

FREE Download – The Next Generation of End-Point Security is Available Today.

NEW NetOp Desktop Firewall's fast 100% driver-centric design offers a tiny footprint that protects machines even before Windows loads - without slowing them down. NetOp is also the only solution to provide process control as well as application control to give you the highest level of security. The NetOp Desktop Firewall utilizes real-time centralized management and control, intelligent network detection, stateful packet filtering, port blocking, protection from process hijacking, and much more. Try it FREE.


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Altiris to Acquire Pedestal Software

Altiris announced that it will acquire Pedestal Software in a deal valued at $65 million. Altiris further said that after the deal closes at the end of March, the company will immediately begin integrating Pedestal products into its distribution channels and will continue offering Pedestal's SecurityExpressions and AuditExpress products as standalone solutions.

BMC Acquires OpenNetwork

BMC Software announced that it has reached an agreement to acquire OpenNetwork, makers of Web application management and single sign-on (SSO) technology. BMC said OpenNetwork's solutions will allow BMC to expand its browser-based authentication and authorization offerings, which complement its existing offerings for workflow, audit and compliance, enterprise-enabled SSO, provisioning, and directory content management.

Consolidated Security Event IDs in Windows 2003

Randy Franklin Smith tells why Windows Server 2003 domain controllers (DCs) don't report domain-account authentication failures, except for bad password attempts.


==== Resources and Events ====

The Essential Guide to Active Directory Management

Migrating from NDS and/or eDirectory to AD means changes in the way you manage your network, users, and network resources. Download this Essential Guide to Active Directory Management and learn hands-on approaches that reduce management complexity, IT workload, and costs and improve security--all with minimal impact on your organization. Download this guide today.

Get Chapter 2 of "SQL Server Administration for Oracle DBAs"

Learn the key concepts that give Oracle DBAs a firm foundation in mapping Oracle database-management skills, knowledge, and experience to SQL Server database management. Chapter 2 of this free eBook discusses SQL Server management, including managing memory, processes, storage, sessions and transactions, and low-level structures (e.g., locks, latches). Download Chapter 2 now!

Attend This Free Web Seminar for a Chance to Win a $1000 American Express Gift Check!

Achieve High Availability and Disaster Recovery for Microsoft Servers. In this Web seminar, discover what it takes to minimize the likelihood of downtime through reliability and resilience in your Microsoft server environment, including Exchange Server, SQL Server, File Server, IIS, and SharePoint. Sign up today!

Hey Europe! Get Ready to Become the Next Gatekeeper Champion

Get a leg up on your fellow European IT pros by getting all the study materials you'll need to help you prepare for the next Gatekeeper competition on April 4. Windows IT Pro will help you hone your security skills and become the ultimate IT security expert. Start preparing now by visiting:

Sensible Best Practices for Exchange Availability On-Demand Web Seminar

If you're discouraged about not having piles of money for improving the availability of your Exchange server, join Exchange MVP Paul Robichaux for this free Web seminar and learn how to maximize your existing configuration. Survive unexpected outages, plan for the unplannable, and evaluate what your real business requirements are without great expense. Register now!


==== 3. Security Toolkit ====

Security Matters Blog

by Mark Joseph Edwards,

Patching with WSUS

If you're interested in using Windows Server Update Services (WSUS--formerly Windows Update Services), then you might consider watching Microsoft's new on-demand TechNet Webcast, "Introduction to Security Patching Using Windows Update Services." The Webcast offers insight into WSUS's new features and offers planning and deployment guidance. Microsoft also released a WSUS release candidate (RC) and said that after April 22, WUS beta 2 will no longer receive updates. So if you were testing the beta, you need to update your copy to the RC.


by John Savill,

Q: How can I deploy missing patches to my Microsoft Systems Management Server (SMS) clients?

Find the answer at

Security Forum Featured Thread: Password Control Via IIS

A forum participant has an intranet that requires domain authentication for access to data on one Windows 2000 Server machine. He's set a password timeout period for x number of days. But users don't see a password expiration warning because they log on via an IIS site. In addition, passwords seem to stop working for some time before they expire. How can he deliver a password expiration notification to the users? Join the discussion at


==== Announcements ====

(from Windows IT Pro and its partners)

Get Windows IT Pro at 44% Off!

Windows & .NET Magazine is now Windows IT Pro! Act now to get an entire year for just $39.95--that's 44% off the cover price! Our March issue shows you what you need to know about Windows Server 2003 SP1, how to get the best out of your IT staff, and how to fight spyware. Plus, we review the top 10 features of Mozilla Firefox 1.0. This is a limited-time, risk-free offer, so click here now:


==== 4. New and Improved ====

by Renee Munshi, [email protected]

Encryption with Two-Factor Authentication

Mobile Armor announced that its PolicyServer and DataArmor products have "RSA SecurID Ready" certification, meaning that they now integrate with RSA SecurID two-factor authentication technology. DataArmor software provides preboot authentication and high-speed full-device encryption, especially for mobile devices; PolicyServer integrates DataArmor with other security software such as antivirus solutions, VPNs, and firewalls. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
