PGina 1.x About

From pGina

What is pGina?

pGina, through the use of plug-in technology, allows an administrator to choose from any number of authentication sources and methods when users login to a Windows 2000/XP machine. Should an administrator wish to implement a custom authentication method, or extend an existing method, she may also create her own plug-in from the readily available example source and pGina plug-in API. This allows for centralization of authentication and authorization management against a theoretically limitless number of user/group/security management solutions.

How does it work?

pGina works by inserting itself into the Windows operating system as a GINA (Graphical Identification and Authentication) module, hence the name. Without pGina installed, when a Windows system begins to boot, a process called Winlogon loads a Microsoft GINA that is responsible for handling system events like CTRL+ALT+DEL, screen saver activation, logon attempts, etc. When pGina is installed, it inserts itself between the Winlogon process and Microsoft’s GINA and handles those things directly related to its own operation (logon, locking etc) and passes everything else transparently to the Microsoft module. When Winlogon loads pGina, pGina in turn loads a plug-in chosen by the administrator. When a user attempts to login, pGina will use the selected plug-in to determine whether they should be authenticated and/or authorized. Should the plug-in allow the user to proceed, pGina will create an account for them on the local machine or domain (depending on configuration), add them to groups as specified by the plug-in and configuration, map drives both globally and specific to that user, and many other things depending on its numerous configuration options.