pGina Open Source Windows Authentication

pGina logo pGina is a pluggable Open Source GINA and CredentialProvider replacement.
This allows for alternate methods of interactive user authentication and access management on machines running the Windows operating system.

In short, allow your windows users to login using the backend of your choice.
Plugins are written in managed code and allow for user authentication, authorization and session management. End result is that you, the admin, can choose how your users are authenticated, authorized and managed.
Already have users in LDAP?
Want to manage your users with a MySQL database?
Using a custom backend and want to craft your own authentication code?
pGina is the solution.


the fork


fork logo The fork was created first simply because it's the way to contribute on Github.
Later on due to time pressure and a refused pull request.
Now the code differs so much that it's hard to merge it back again, nevertheless I still hope that someday...

Latest News

pGina 3.9.9.12 Released!

Posted by Hans Wurst on March 15, 2018

Download a copy of the release.

What’s new in pGina 3.9.9.12

  • plugins
    • scripting plugin
      • fix notification logon bug #103

pGina 3.9.9.11 Released!

Posted by Hans Wurst on March 01, 2018

Download a copy of the release.

What’s new in pGina 3.9.9.11

  • Pgina
    • Credential Provider (Login Screen)
      • login screen, fixed a broken logon change password event (pre Windows 10, still exists in Windows 10)
  • plugins
    • scripting plugin
      • add Notification stage logon/logoff option #88
    • LDAP plugin
      • improve LDAP DNS certificate validation #86

pGina 3.9.9.10 Released!

Posted by Hans Wurst on October 17, 2017

Download a copy of the release.

What’s new in pGina 3.9.9.10

  • Pgina
    • Credential Provider (Login Screen)
      • fixed a bug related to “Display last user name in logon screen”
      • added a workaround for Windows 10 refusing to refresh the login screen

pGina 3.9.9.9 Released!

Posted by Hans Wurst on April 25, 2017

Download a copy of the release.

What’s new in pGina 3.9.9.9

  • Pgina
    • Credential Provider
      • add option PreferLocalAuthentication #70
  • plugins
    • Multi email plugin
      • fix minor gui glitch
    • LDAP plugin
      • show error if rules can’t be saved #65

pGina 3.9.9.8 Released!

Posted by Hans Wurst on April 04, 2017

Download a copy of the release.

What’s new in pGina 3.9.9.8

  • Pgina
    • Credential Provider
      • fix a bug in preshutdown events
  • plugins
    • Local Machine plugin
      • fixed a bug related to password change
      • during “remove account and profile” clear the SID too
    • LDAP plugin
      • remove TLS -> SSL fallback

pGina 3.9.9.7 Released!

Posted by Hans Wurst on February 15, 2017

Download a copy of the release.

What’s new in pGina 3.9.9.7

  • Pgina
    • option to display last username
    • disabled login simulator
    • message during unlock, pwd change or credUI (error msg too) as seen during logon
    • no relogin if user unlocks his session or doing a credUI
    • support for terminal servers, multilogon (switch session)
    • support for credUI Events or runas
    • support for empty password
    • logon password change support
    • non pgina users are not processed by pgina
    • support for domain logins
      • logins are verified in the same order as the default CP does
      • if a machine is a domain member, a login is verified against the domain
      • if a machine is not part of a domain, a login is verified against the local SAM
      • to force a local authentication on a domain member use .\username
      • to force a domain login of a subdomain use username@sub.contoso.local
    • Implemented IConnectableCredentialProviderCredential
      • fix issue in Windows 7 with enabled LockScreen Interactive logon: Do not require CTRL+ALT+DEL
      • still not working properly on Windows 8 if CTRL+ALT+DEL is active
      • same for Windows 10 as long as the LockScreen is active (independent from CTRL+ALT+DEL)
      • Issue 32 effects logins that take longer than 2min only
    • logfiles are saved now in UTF-16 format
    • set default installation folder to pgina.fork
  • new plugins
    • Kerberos (Seth Walsh)
    • MultiEmail (Manuel Pérez Ayala)
    • HttpAuth (Václav Klecanda)
    • SSHAuth (David Dumas)
    • dropped pgSMB and replaced it with pgSMB2
      • Windows 8/10
        • Disable fast startup if you are using pgSMB2
        • reg add “HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power” /v HiberbootEnabled /t REG_DWORD /d 0 /f

pGina 3.2.4.1 Released!

Posted by Hans Wurst on December 16, 2014

Finally its time for an update to catch up with the latest pGina improvements

Download a copy of the release.

What’s new in pGina 3.2.4.1

  • Pgina service
    • extend max shutdowntime to 1h
    • service bugfixes
  • LDAP plugin
    • a view bugfixes
    • option to use authentication bind when searching in authorization and gateway stages.
  • pgSMB plugin
    • add 1 minute timeout if an SMB connection fails
  • Radius plugin
    • Lots of updates to the RADIUS plugin by Oooska
  • MySQL plugin
    • add option to prevent (or not) logon in gateway if server error occurs

from fork 3.2.0.0

  • Password change option
  • Various bug fixes and other improvements

Improvements beyond pGina 3.2.0.0:

  • a different password change plugin behaviour
  • LDAP plugin
    • Attribute converter
    • Enhanced hash generation
    • Enhanced options for the authorization and gateway stages
  • pgSMB plugin
    • Properties can be altered by LDAP attributes
  • Local Machine plugin
    • Login script
    • Roaming Profile

from fork 3.1.6.2

  • An improved login mask
  • Event based logoff in the Local Machine plugin
  • A new plugin called pgSMB

pGina 3.2.0.0 Released!

Posted by Hans Wurst on December 02, 2013

Finally its time for an update to catch up with the latest pGina improvements

Download a copy of the release.

What’s new in pGina 3.2.0.0

  • Password change option
  • Various bug fixes and other improvements

Improvements beyond pGina 3.2.0.0:

  • a different password change plugin behaviour
  • LDAP plugin
    • TLS support
    • Attribute converter
    • Enhanced hash generation
    • Enhanced options for the authorization and gateway stages
  • pgSMB plugin
    • Properties can be altered by LDAP attributes
  • Local Machine plugin
    • Login script
    • Roaming Profile

from fork 3.1.6.2

  • An improved login mask
  • Event based logoff in the Local Machine plugin
  • A new plugin called pgSMB

pGina 3.1.6.2 Released!

Posted by Hans Wurst on October 04, 2013

After a long way of testing and fixing I got pGina how I want it to be.

Download a copy of the release.

What’s different in this 3.1.6.2 fork compared with pGina 3.1.6.0:

  • An improved login mask
  • Event based logoff in the Local Machine plugin
  • A new plugin called pgSMB
  • Various bug fixes and other improvements.

the pull request was denied

Posted by Hans Wurst on February 27, 2013

Finally the pull request was denied, simply because of its complexity. In fact, I need to migrate 500+ clients in summer, so I decided to go on with my fork and deal with the merge process at a later time. It’s not a personal thing, just a matter of time!

pGina 3.1.6.0 Forked

Posted by Hans Wurst on November 14, 2012

The pGina team requested me to fork there project in order to submit my pgSMB plugin. I’ve learned that’s the way of doing things on Github. I personally see a fork in a different light, but that’s the way it is.