Windows authorization in LDAP

It turns out that Windows has a standard interface for writing logon (authentication) modules for it against other kinds of directory services, not just AD.
Here, for example, is an open-source system that implements a number of such modules:
http://www.pgina.org/
What is pGina?
As it stands, the Microsoft Windows NT/2000/XP client operating system only provides a single method of user authentication. This method calls for the availability of a machine running the Microsoft Windows Server operating system. While this method may work very well in several situations, it does not work at all in others. Should someone be looking to bring the Windows operating system into an environment where user authentication is currently being handled by something other than a Windows server, it is an extremely difficult task to allow for this single method of authentication.
For instance, should an administrator wish to use an existing Unix server, and its existing base of users, to authenticate access to Windows machines there are few options. The methods employed may range from using a Windows server for authentication and having the administrator maintain identical lists of usernames/passwords on each server, to using Samba to emulate a Windows NT 4 Server. However, each method has its drawbacks and limitations. Ideally the administrator should be able to setup a standard naming service, such as NIS (Network Information Services) or LDAP (Lightweight Directory Access Protocol), on ANY type of server and have all clients, regardless of OS revision, access that single repository.
However, Microsoft does allow for customization of its client access and authentication methods through the interface specifications and details of their GINA (Graphical Identification aNd Authentication) dynamic link library. This library “… is a replaceable DLL component that is loaded by the Winlogon executable. The GINA implements the authentication policy of the interactive logon model and is expected to perform all identification and authentication user interactions.” (MSDN)
Through the creation of a substitute GINA that can dynamically load “plugins”, where a plugin can be created to use ANY method of authentication, we propose that it is possible to systematically, and simply, provide for the authentication and login of a user via many different methods. Thereby, we are simplifying the provided GINA interface, and providing the skeleton code necessary to quickly and easily implement many different methods of user authentication. Once a plugin has been created for any particular authentication method, it can quickly and easily be installed on multiple machines and even provided for other users and institutions, without the need for an in-depth understanding of the Windows logon process or its structure.
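As an added example (not code from this post or from pGina), here is the credential check such a plugin has to perform once Winlogon hands it a username and password, written in Python rather than as a GINA DLL, with an in-memory stand-in for the LDAP server; the directory contents, DNs, attribute names and function names are constructed for the illustration. It also covers two failure modes the pGina description above does not mention: LDAP filter injection through the username when the plugin looks up the user's DN, and the RFC 4513 "unauthenticated bind", where a bind with a DN and an empty password is accepted by some servers without proving anything (the RFC only says servers SHOULD refuse it).

```python
"""
Credential check for an LDAP logon plugin (added example; not pGina code).

Models what a GINA/pGina-style plugin must do with a username and password:
find the account's DN, then prove the password by binding as that DN.
The directory is an in-memory stand-in constructed for this example; it
mimics two real LDAP behaviours the plugin has to defend against:
  * RFC 4515 filter metacharacters in the username (LDAP injection), and
  * RFC 4513 unauthenticated bind: DN plus EMPTY password "succeeds" on
    servers that allow it, without checking any credential at all.
"""
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str, attr: str = "uid") -> str:
    """Filter locating the logon account (uid for OpenLDAP, sAMAccountName for AD)."""
    return f"(&(objectClass=person)({attr}={escape_filter_value(username)}))"


def _unescape_filter_value(raw: str) -> str:
    """Reverse RFC 4515 \\xx escapes (used only by the fake server below)."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 2 < len(raw):
            out.append(chr(int(raw[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


@dataclass
class FakeDirectory:
    """Stand-in for the LDAP server (hypothetical; constructed for this example)."""
    base_dn: str
    users: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # uid -> (dn, password)
    allow_unauthenticated_bind: bool = True  # behaviour of servers that accept RFC 4513 5.1.2

    def search_one(self, filter_str: str) -> Optional[str]:
        """Resolve a single-user equality filter on uid to a DN.
        Simplification of a real server: an unescaped '*', '(' or ')' in the
        value is treated as a wildcard/compound filter that matches an
        arbitrary entry, which is the effect an injected filter has in practice."""
        prefix, suffix = "(&(objectClass=person)(uid=", "))"
        if not (filter_str.startswith(prefix) and filter_str.endswith(suffix)):
            return None
        raw = filter_str[len(prefix):-len(suffix)]
        if any(ch in raw for ch in "*()"):
            return next(iter(self.users.values()))[0] if self.users else None
        entry = self.users.get(_unescape_filter_value(raw))
        return entry[0] if entry else None

    def bind(self, dn: str, password: str) -> bool:
        """Simple bind. Empty password = unauthenticated bind (RFC 4513 5.1.2)."""
        if password == "":
            return self.allow_unauthenticated_bind  # nothing was verified
        for user_dn, stored in self.users.values():
            if user_dn == dn:
                return hmac.compare_digest(stored.encode(), password.encode())
        return False


def sample_directory() -> FakeDirectory:
    """Constructed sample data: two accounts under a hypothetical base DN."""
    d = FakeDirectory(base_dn="dc=example,dc=org")
    d.users["alice"] = ("uid=alice,ou=people,dc=example,dc=org", "correct horse")
    d.users["bob"] = ("uid=bob,ou=people,dc=example,dc=org", "battery staple")
    return d


def authenticate_naive(directory: FakeDirectory, username: str, password: str) -> bool:
    """What a first-cut plugin tends to do: raw username in the filter, and any
    successful bind counts as a logon. Both are exploitable (see tests/usage)."""
    dn = directory.search_one(f"(&(objectClass=person)(uid={username}))")
    return dn is not None and directory.bind(dn, password)


def authenticate(directory: FakeDirectory, username: str, password: str) -> bool:
    """Hardened check: refuse empty credentials so an unauthenticated bind can
    never count as a logon, escape the filter value, then bind as the found DN."""
    if not username or not password:
        return False
    dn = directory.search_one(build_user_filter(username))
    if dn is None:
        return False
    return directory.bind(dn, password)


if __name__ == "__main__":
    d = sample_directory()
    print("naive, alice, empty password:", authenticate_naive(d, "alice", ""))
    print("naive, injected username:   ", authenticate_naive(d, "*)(uid=*", ""))
    print("hardened, alice, correct:   ", authenticate(d, "alice", "correct horse"))
    print("hardened, alice, empty:     ", authenticate(d, "alice", ""))
    print("hardened, injected username:", authenticate(d, "*)(uid=*", ""))
```

The empty-password guard belongs in the plugin and not only in the directory's configuration: a plugin installed on many machines will meet servers it does not control, and the only thing that proves possession of the password is a bind that was actually allowed to fail. The DN lookup itself should be done with a dedicated service account rather than anonymously, which this example leaves out.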


Authentication is all well and good, of course, but what about authorization? And what if you can't give up GPO? Wouldn't it be better to simulate the AD structure in OpenLDAP and patch up the schema for the Linux services and Linux authentication, which are far more flexible in this respect? Combining such an LDAP, SRV records in DNS, Kerberos and a copy of SYSVOL in Samba, you could even try playing with GPO :)
