Graphical identification and authentication: Difference between revisions

The '''graphical identification and authentication''' ('''GINA''') library is a component of some [[Microsoft Windows]] [[operating system]]s that provides secure authentication and interactive [[Logging (computer security)|logon]] services.

GINA is a replaceable [[dynamically linked library]] that is loaded early in the contextboot ofprocess in the context of [[Winlogon]] process when the machine is started. It is responsible for handling the [[secure attention key|secure attention sequence]], typically [[Control-Alt-Delete]], and interacting with the user when this sequence is received. GINA is also responsible for starting initial processes for a user (such as the [[Windows Shell]]) when they first log on.

Winlogon can be configured to use a different GINA, providing for non-standard authentication methods such as [[smart card]] readers or identification based on [[biometrics]], or to provide an alternate visual interface to the default GINA. Developers who implement a replacement GINA are required to provide implementations for a set of [[Application programming interface|API]] calls which cover functionality such as displaying a "workstation locked" dialog, processing the secure attention sequence in various user states, responding to queries as to whether or not locking the workstation is an allowed action, supporting the collection of user credentials on [[Terminal Services]]-based connections, and interacting with a [[screensaver]].

A custom GINA could be made entirely from scratch, or just be the original GINA with modifications. A custom GINA can be specified by placing a string named GinaDLL in the [[Windows registry | registry]] ___location <code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon</code>. The Winlogon component is solely responsible for calling these APIs in the GINA library.

Support for replaceable GINA DLLs was introduced with Windows NT Server 3.51 and Windows NT Workstation 4.0 SP3. Successive versions of Windows have introduced additional functionality into Winlogon, resulting in additional functionality that can be implemented by a replacement GINA. [[Windows 2000]], for example, introduced support for displaying status windowsmessages (including verbose messages that can be turned on through [[Group Policy]]) about the current state to the user (e.g. "Applying computer settings..."), and starting applications in the user's context; this facilitates restarting [[Windows Explorer]] automatically if it crashes, as well as starting the Task Manager. [[Windows XP]] introduced some support for [[Fast User Switching]], [[Remote Desktop Protocol|Remote Desktop]] and a more interactive, simplified and user-friendly full-screen logon.