Thu Dec  6 15:17:21 CST 2007

KerberosV plugin for pGina v2.0

Prerequisites:
Windows Vista
pGina 2.0
MIT Kerberos for Windows, tested with version KfW 3.2.1 and 3.2.2

I have not tested this plugin with pGina 1.x or on Windows XP.  I don't
know why it would *not* work, but that's my target development and
testing environment.

Operation:
This plugin checks a user's password against a kerberos KDC to see if
it's valid.  If so, it lets the user in.  It relies upon KfW to actually
get the K5 tickets for the user.  

Installation:
* install MIT Kerberos for Windows
* install pGina 2.0
* install the k5_pgina_plugin.msi

You must populate the following registry key with your desired kerberos
service/realm in order for this to work:

[HKEY_LOCAL_MACHINE\SOFTWARE\pGina\k5plugin]
"DefaultService"="krbtgt/EXAMPLE.DOMAIN.EDU"

Use the pgina plugin tester to determine if it does what you expect.

Debugging output is available in c:\windows\temp\k5pgina-nnnn.  

This plugin only does authentication, not authorization.  You'll likely
need to chain another plugin in pGina for that.

Compiling:
You'll need Visual Studio 2005, the Kerberos for Windows SDK and the Vista
SDK installed.  

Questions/comments to timc@cs.wisc.edu