Re: Own GINA dll with special requirements



Hello!

1. You can extend the Active Directory schema to support your additional
attributes. For more information, please see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/extending_the_schema.asp.
2. You can store the user password in the dedicated AD attribute. (Of course,
you must encrypt the password before storing it.)
3. No. You must implement your GINA as native code. For more information
about GINA development, please read the following papers:
http://msdn.microsoft.com/msdnmag/issues/05/05/SecurityBriefs/ and
http://msdn.microsoft.com/msdnmag/issues/05/06/SecurityBriefs/


"Frank Stegerwald" <stegerwald@xxxxxxxxxxxxxxxx> wrote in message
news:eppEGNRaGHA.508@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I need to replace the GINA dll of an XP system to support the following
requirement:

We have a chip-reader that reads "chip-IDs" from transponder chips.
Instead of typing in a username and password, the user puts the chip on
the transponder and the "chip-ID" should be matched to an Active Directory
user. In Active Directory a chip-ID is assigned to each AD user.
The username and the password should be entered into the login box
automatically based on the chip-ID.

I already set up a thread that retrieves the chip-ID from the transponder.
So the missing part that I have is the following:

1. Can Active Directory be expanded to assign a chip-id to a user?

2. How to retrieve the password and username based on the chip-ID out of
Active Directory
(which user should I use for this, since the actual user is not logged in to
the machine yet)?

3. Is it appropriate to use .NET to replace a gina dll or must it be
implemented in native code?

How can I achieve this, or where should I look for this information, if
this is the wrong newsgroup?

Thanks for any help
Greetings
Frank Stegerwald
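
Added example (not part of either post above, and not Microsoft's code): the chip-ID comes from the reader as untrusted bytes, so native code that matches it to an Active Directory user should escape it before placing it in an LDAP search filter. The attribute name chipId and the 64-byte length limit are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CHIP_ATTR "chipId" /* assumption: attribute added by the schema extension */
#define CHIP_MAX 64        /* assumption: longest chip-ID the reader delivers */

/* RFC 4515 escaping: every byte that is not an ASCII letter or digit
 * becomes \XX, so reader data cannot change the filter's structure.
 * Returns 0 on success, -1 if out is too small. */
static int ldap_escape(const unsigned char *in, size_t in_len,
                       char *out, size_t out_len)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        int alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
                    (c >= 'a' && c <= 'z');
        if (o + (alnum ? 1u : 3u) >= out_len) return -1; /* keep room for NUL */
        if (alnum) { out[o++] = (char)c; continue; }
        out[o++] = '\\'; out[o++] = hex[c >> 4]; out[o++] = hex[c & 15];
    }
    if (o >= out_len) return -1;
    out[o] = '\0';
    return 0;
}

/* Builds the search filter for one chip-ID. Returns 0 on success, -1 on an
 * empty or oversized ID or a too-small output buffer. */
int build_chip_filter(const unsigned char *chip, size_t chip_len,
                      char *out, size_t out_len)
{
    char esc[3 * CHIP_MAX + 1];
    if (chip == NULL || chip_len == 0 || chip_len > CHIP_MAX) return -1;
    if (ldap_escape(chip, chip_len, esc, sizeof esc) != 0) return -1;
    int n = snprintf(out, out_len,
                     "(&(objectCategory=person)(objectClass=user)(" CHIP_ATTR "=%s))", esc);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

int main(void)
{
    char filter[256];
    const unsigned char sample[] = "04A1B2C3"; /* constructed chip-ID */
    if (build_chip_filter(sample, sizeof sample - 1, filter, sizeof filter) == 0)
        puts(filter);
    return 0;
}
```

A search with this filter should be treated as a match only when it returns exactly one user object.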