Dynamic Configuration of Windows NT Login
NI_PAM
Development and configuration of login software in Windows NT is always a hard problem because some part of the software is embedded in Windows NT operating system.  However, login software must be developed and configured easily because security technology is rapidly growing and changing.  We attack this problem by having more modularity.  Our project is called NI_PAM, referring to UNIX Pluggable Authentication Module (PAM).

1. Our Goal

2. Our Way
Our basic policy is to divide the login software (GINA) to several independent modules, and control it with Configuration File.  NI_PAM contains following modules:
All modules are implemented as independent DLLs.  Since each module is developed independently from each other, development cost of Windows NT logon application is greatly reduced.

3. Future Direction
We are investigating a way to use different passwords in different network providers, yet single-sign-on property is reserved.  We would implement it with password mapping.  i.e. one master Network Provider (probably Kerberos) has all other NPs' passwords or keys.

Demo  SmartCard  NI_PAM

Send mail to Naomaru Itoi