Information Security maga

Authenticating Windows

The eSSO client authenticates to Windows via GINA chaining or replacement. Organizations frequently use this option for stronger authentication methods not natively supported in Windows (for example, OTP or biometrics). The eSSO system manages the user's Active Directory username and password behind the scenes and replays them at the right time. For Windows Vista, eSSO vendors will need to make significant changes to the eSSO client, since GINA chaining or replacement will not be possible.

The eSSO client leverages the native Windows authentication. This option is frequently used when the organization wishes to make the eSSO software as unobtrusive as possible and has lower authentication requirements (the exception here is smart cards, which are supported natively in Windows).

In kiosk mode under a generic Windows identity, there is one Windows desktop and identity, and the workstation is shared by many users. The primary reason for this configuration is speed, because the traditional Windows user logon, desktop rendering and logoff can take too long.

This was first published in July 2006