Graphical Identification and Authentication

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Acolin f (talk | contribs) at 16:12, 9 December 2008 (Create page for GINA dll description, linked to GINA disambugation page). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The Graphical Identification and Authentication DLL (GINA) operates in the context of the Winlogon process and, as such, is loaded very early in the boot process. The GINA DLL must follow rules so that the integrity of the system is maintained, particularly with respect to its interaction with the user.

Note: GINA DLLs are ignored in Windows Vista, and presumably in the new Windows 7 OS.

The most common use of the GINA is to communicate with an external device such as a smart-card reader or fingerprint scanner. The purpose of a GINA DLL is to provide customizable user identification and authentication procedures. The default GINA does this by delegating SAS event monitoring to Winlogon, which receives and processes CTRL+ALT+DEL secure attention sequences (SASs). A custom GINA is responsible for setting itself up to receive SAS events (other than the default CTRL+ALT+DEL SAS event) and for notifying Winlogon when SAS events occur. Winlogon then evaluates its state to determine what is required to process the custom GINA's SAS. This processing usually includes calls to the GINA's SAS processing functions.

Winlogon, the GINA, and network providers are the components of the interactive logon model. The interactive logon procedure is normally controlled by Winlogon, MSGina.dll, and network providers. To change the interactive logon procedure, MSGina.dll can be replaced with a customized GINA DLL.
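Because a replaced GINA runs inside Winlogon with every interactive credential passing through it, a defender wants to know which GINA a machine is actually configured to load. The following PowerShell check is an added example, not code from the article or from Microsoft's SDK samples; it assumes that Winlogon selects the GINA from the REG_SZ value GinaDLL under the Winlogon registry key (a value the article does not mention) and falls back to msgina.dll when that value is absent.

```powershell
# Added example: report which GINA DLL Winlogon will load and whether it is the stock MSGina.dll.
# Assumption: the GINA is chosen by the "GinaDLL" value under the Winlogon key; when the value is
# absent, Winlogon uses msgina.dll. On Windows Vista and later the value is ignored (see the
# article's note), so a non-default value is only security-relevant on earlier versions.

function Get-GinaDllReport {
    $winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $default     = 'msgina.dll'

    # Read the configured GINA; a missing value means the default is in effect.
    $ginaValue  = (Get-ItemProperty -Path $winlogonKey -Name GinaDLL -ErrorAction SilentlyContinue).GinaDLL
    $configured = if ($ginaValue) { $ginaValue } else { $default }

    # A bare file name is resolved from System32, which is where Winlogon itself lives.
    $path = if ([System.IO.Path]::IsPathRooted($configured)) { $configured } else { Join-Path $env:SystemRoot ('System32\' + $configured) }

    # Check that the file exists and whether it carries a valid Authenticode signature.
    $exists    = Test-Path -LiteralPath $path
    $signature = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }

    # Vista is NT 6.0; from there on GINA DLLs are ignored, so flag whether the OS honours the value at all.
    $osVersion   = [System.Environment]::OSVersion.Version
    $ginaHonored = ($osVersion.Major -lt 6)

    [pscustomobject]@{
        ConfiguredGina  = $configured
        IsDefault       = ($configured -ieq $default)
        ResolvedPath    = $path
        FileExists      = $exists
        SignatureStatus = if ($signature) { $signature.Status.ToString() } else { 'n/a' }
        Signer          = if ($signature -and $signature.SignerCertificate) { $signature.SignerCertificate.Subject } else { 'n/a' }
        GinaHonoredByOS = $ginaHonored
    }
}

$report = Get-GinaDllReport
$report | Format-List

# A custom GINA is legitimate for smart-card or biometric logon, but it should be a known,
# signed binary; anything else on a pre-Vista system deserves a closer look.
if ($report.GinaHonoredByOS -and -not $report.IsDefault) {
    Write-Warning "Non-default GINA configured: $($report.ResolvedPath) (signature: $($report.SignatureStatus))"
}
```

Run it from an elevated PowerShell prompt; reading the Winlogon key does not require elevation, but Get-AuthenticodeSignature needs read access to the resolved DLL.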

To work with Winlogon, the GINA, and network providers, you should have a firm knowledge of the Windows security architecture, especially with regard to tokens, authentication packages, and related matters. If the GINA depends on a device driver (for example, for a smart-card reader), it is essential to set that driver's start parameter to system (Winnt.h: SERVICE_SYSTEM_START) to ensure that the driver is loaded by the time the GINA is invoked.

For information about specific functions and structures, see Authentication Reference. This reference section includes descriptions of the functions that a GINA DLL must implement, the Winlogon support functions that the GINA DLL can call, and the data structures used to pass information between Winlogon and the GINA.

Sample GINA code can be found in the Platform Software Development Kit (SDK) Security samples. The samples contain C code for implementing a GINA stub and a GINA hook. For more information about custom GINA DLL development, send an e-mail message to: ginareqs@microsoft.com.

For information about the authentication model supported by Windows and for details about the Local Security Authority (LSA) services and authentication package interfaces, see LSA Authentication.

For information about the aspects of the Local Security Authority that relate to the administration of security policy, which includes trust relationships with other computers and domains, assignment of privileges, audit generation control, system accessibility, and other similar topics, see LSA Policy.

External links

- http://msdn.microsoft.com/en-us/library/aa380543(VS.85).aspx
- http://msdn.microsoft.com/en-us/library/aa375457(VS.85).aspx