Pluggable Authentication Modules for Windows NT

Naomaru Itoi and Peter Honeyman
University of Michigan

Abstract

To meet the challenge of integrating new methods and technologies into the Internet security framework, it is useful to hide low-level authentication mechanisms from application programmers, system administrators, and users, replacing them with abstractions at a higher level. The Pluggable Authentication Method (PAM) approach popular in Linux, Solaris, and CDE offers one such abstraction.

To implement PAM in NT, we replaced the standard Graphical Identification and Authentication (GINA) module with one that processes PAM tables. This provides security administrators with a flexible tool to plan and implement authentication policy across a wide range of computing platforms. GINA is woven into the NT logon procedure, making it a difficult module to test and debug. Our PAM-based GINA eases this problem by allowing new authentication mechanisms to be replaced and tested without forcing a reboot.
webster@usenix.org
Last changed: 18 Aug 1998