Abstract - Technical Program - 2nd USENIX Windows NT Symposium
Pluggable Authentication Modules for Windows NT
Naomaru Itoi and Peter Honeyman
University of Michigan
Abstract
To meet the challenge of integrating new methods and technologies into the Internet security framework, it
is useful to hide low-level authentication mechanisms from application programmers, system administrators,
and users, replacing them with abstractions at a higher level. The Pluggable Authentication Method
approach popular in Linux, Solaris, and CDE offers one such abstraction.
To implement PAM in NT, we replaced the standard Graphical Identification and Authentication module with one
that processes PAM tables. This provides security administrators with a flexible tool to plan and implement authentication
policy across a wide range of computing platforms.
GINA is woven into the NT logon procedure, making it a difficult module to test and debug. Our PAM-based
GINA eases this problem by allowing new authentication mechanisms to be replaced and tested
without forcing a reboot.