Hey,

Just curious if anyone has any domain experience with this. I have to replace Windows logon and Citrix logon with biometric authentication as part of a new product we're producing in conjunction with some of our business partners.

I know you can swap out or hook msgina.dll, how much of a pain in the ass is it? Does it allow you to put in the password? Ideally I'd like user to type in username, then authenticate against a facial/fingerprint/etc template, then we'd do a lookup of their password and put it into the password box.

Someone else suggested we, at a very low level, intercept kerberos tokens, but I don't see that as viable because we can't force key knowledge on other programs. I also don't see an adhoc MITM attack oriented pattern (as I view it), as a staying solution.