usenix conference policies
Pluggable Authentication Modules for Windows NT
Naomaru Itoi and Peter Honeyman, University of Michigan
To meet the challenge of integrating new methods and technologies into the Internet security framework, it is useful to hide low-level authentication mechanisms from application programmers, system administrators, and users, replacing them with abstractions at a higher level. The Pluggable Authentication Method approach popular in Linux, Solaris, and CDE offers one such abstraction.
To implement PAM in NT, we replaced the standard Graphical Identification and Authentication module with one that processes PAM tables. This provides security administrators with a flexible tool to plan and implement authentication policy across a wide range of computing platforms.
GINA is woven into the NT logon procedure, making it a difficult module to test and debug. Our PAM-based GINA eases this problem by allowing new authentication mechanisms to be replaced and tested without forcing a reboot.
author = {Naomaru Itoi and Peter Honeyman},
title = {Pluggable Authentication Modules for Windows {NT}},
booktitle = {2nd USENIX Windows NT Symposium (2nd USENIX Windows NT Symposium)},
year = {1998},
address = {Seattle, WA},
url = {https://www.usenix.org/conference/2nd-usenix-windows-nt-symposium/pluggable-authentication-modules-windows-nt},
publisher = {USENIX Association},
month = aug
}
connect with us