There are three integrated systems needed for authentication in ReactOS:
1. Winlogon
2. MSGINA (ROSGINA would work better, no?)
3. Some sort of Identity Management system with support for local and remote authentication (remote can come with SMB support later)
Tiers 2 & 3 can be developed and tested on a non-ReactOS system (aka a real Windows system) initially (though with the code staying in the ROS Subversion tree), while Tier 1 is ReactOS specific.
I thus see three stages (aligned with the systems mentioned above):
1. Identity Management System with basic tools (get Setup to use it, at least some basic command line tools to add and remove users and change passwords, no need for a UI yet)
2. A ROSGINA that uses the Identity Management System
3. Get Winlogon back up and running and using the ROSGINA for authentication.
Since it's stage 1:
The identity management system's sole purpose is to create a cross-subsystem, ReactOS-wide way to authenticate users. How each subsystem uses the information provided is up to the individual subsystem. As such, I see a database (Berkeley DB or SQLite) of users (and possibly a separate one with groups) with some basic metadata describing the user:
1. Username
2. Real Name / Nickname
3. Encrypted Password (encrypted with a choice of algorithms, AES, Blowfish, etc.)
4. Groups user belongs in (by name)
Any other metadata that should be stored in the authentication database?
The identity management system's API can be quite simple:
BOOL AuthenticateUserA( LPCSTR username, LPCSTR password );
BOOL AuthenticateUserW( LPCWSTR username, LPCWSTR password );
Basically, returning a TRUE if the particular user is valid and FALSE otherwise. Other APIs to get other metadata can come later?
Any other ideas?
--Justin Haygood
justin.haygood@gmail.com
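
An added sketch of the stage 1 user store and authentication call described in this post (not part of the original message and not ReactOS code): a SQLite table holding the listed metadata and a Python `authenticate_user` that mirrors `AuthenticateUserA`. It swaps the post's "encrypted password" for a salted PBKDF2-HMAC-SHA256 verifier, because authentication only needs to compare the password, never recover it; the table layout, function names, iteration count and sample account are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000          # assumed PBKDF2 work factor, stored per user so it can be raised
_DUMMY_SALT = b"\x00" * 16    # used for unknown users so both paths do the same work

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS users (
        username TEXT PRIMARY KEY, real_name TEXT, salt BLOB NOT NULL,
        iterations INTEGER NOT NULL, verifier BLOB NOT NULL)""")
    db.execute("""CREATE TABLE IF NOT EXISTS memberships (
        username TEXT NOT NULL REFERENCES users(username),
        group_name TEXT NOT NULL, PRIMARY KEY (username, group_name))""")
    return db

def _derive(password, salt, iterations):
    # One-way derivation: the database never holds anything decryptable.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def add_user(db, username, real_name, password, groups=()):
    salt = os.urandom(16)  # fresh random salt per account
    with db:               # one transaction for the user row and its groups
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
                   (username, real_name, salt, ITERATIONS,
                    _derive(password, salt, ITERATIONS)))
        db.executemany("INSERT INTO memberships VALUES (?, ?)",
                       [(username, g) for g in groups])

def authenticate_user(db, username, password):
    """True only for a known user with the right password, False otherwise."""
    row = db.execute("SELECT salt, iterations, verifier FROM users "
                     "WHERE username = ?", (username,)).fetchone()
    salt, iterations, stored = row if row else (_DUMMY_SALT, ITERATIONS, b"")
    candidate = _derive(password, salt, iterations)
    # Constant-time compare; unknown user and wrong password look identical.
    return hmac.compare_digest(candidate, stored) and row is not None

def groups_of(db, username):
    rows = db.execute("SELECT group_name FROM memberships WHERE username = ? "
                      "ORDER BY group_name", (username,))
    return [g for (g,) in rows]

if __name__ == "__main__":
    db = open_db()
    add_user(db, "alice", "Alice Example", "correct horse", ["Users"])  # constructed account
    print(authenticate_user(db, "alice", "correct horse"))
    print(authenticate_user(db, "alice", "wrong"), authenticate_user(db, "nobody", "x"))
```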