The graphical identification and authentication (GINA) is a component of Windows NT 3.51, Windows NT 4.0,[1] Windows 2000, Windows XP and Windows Server 2003[2] that provides secure authentication and interactive logon services. GINA is a replaceable dynamically linked library that is loaded early in the boot process in the context of Winlogon when the machine is started. It is responsible for handling the secure attention sequence, typically Control-Alt-Delete, and interacting with the user when this sequence is received. GINA is also responsible for starting initial processes for a user (such as the Windows Shell) when they first log on.[3] GINA is discontinued in Windows Vista.[3]

A default GINA library, MSGINA.DLL, is provided by Microsoft as part of the operating system, and offers the following features:
Winlogon can be configured to use a different GINA, providing for non-standard authentication methods such as smart card readers or identification based on biometrics, or to provide an alternate visual interface to the default GINA. Developers who implement a replacement GINA are required to provide implementations for a set of API calls which cover functionality such as displaying a "workstation locked" dialog, processing the secure attention sequence in various user states, responding to queries as to whether or not locking the workstation is an allowed action, supporting the collection of user credentials on Terminal Services-based connections, and interacting with a screensaver.
A custom GINA could be made entirely from scratch, or just be the original GINA with modifications. A custom GINA can be specified by placing a string named GinaDLL in the registry location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. The Winlogon component is solely responsible for calling these APIs in the GINA library.
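
An audit check for the GinaDLL registry value described above, written as an added example that is not part of the original article or of Windows itself. The function name Get-GinaConfiguration is hypothetical, and the script assumes that a bare file name in GinaDLL is resolved against the system directory.

```powershell
# Added example: report which GINA library a legacy (pre-Vista) host is configured to load.
function Get-GinaConfiguration {
    [CmdletBinding()]
    param(
        # Registry location given in the article.
        [string]$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $props = Get-ItemProperty -Path $WinlogonKey -ErrorAction Stop
    $value = $props.GinaDLL          # $null when the value does not exist

    if ([string]::IsNullOrEmpty($value)) {
        # No GinaDLL value present: the default MSGINA.DLL is the one in use.
        $configured = $false
        $value = 'MSGINA.DLL'
    } else {
        $configured = $true
    }

    # Assumption: a bare file name is resolved against the system directory.
    $expanded = [Environment]::ExpandEnvironmentVariables($value)
    if ([IO.Path]::IsPathRooted($expanded)) { $path = $expanded }
    else { $path = Join-Path ([Environment]::SystemDirectory) $expanded }

    $result = New-Object PSObject -Property @{
        CustomGinaConfigured = $configured
        GinaDLL              = $value
        ResolvedPath         = $path
        Exists               = (Test-Path -LiteralPath $path -PathType Leaf)
        FileVersion          = $null
        Signature            = $null
        SHA256               = $null
    }

    if ($result.Exists) {
        $result.FileVersion = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
        $result.Signature   = (Get-AuthenticodeSignature -FilePath $path).Status
        # .NET hashing is used so the check also runs on PowerShell versions without Get-FileHash.
        $sha    = New-Object System.Security.Cryptography.SHA256Managed
        $stream = [IO.File]::OpenRead($path)
        try     { $result.SHA256 = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
        finally { $stream.Dispose() }
    }
    $result
}

Get-GinaConfiguration | Format-List
```

On older PowerShell versions Get-AuthenticodeSignature evaluates only embedded signatures, so a catalog-signed system file can report NotSigned; compare the resolved path and hash against a known-good baseline rather than relying on the signature field alone.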
When the Winlogon process starts, it compares its version number to that which is supported by the loaded GINA library. If the GINA library is of a higher version than Winlogon, Windows will not boot. This is done because a GINA library written for a given version of Winlogon will expect a certain set of API calls to be provided by Winlogon.
Support for replaceable GINA DLLs was introduced with Windows NT Server 3.51 and Windows NT Workstation 4.0 SP3. Successive versions of Windows have introduced additional functionality into Winlogon, resulting in additional functionality that can be implemented by a replacement GINA. Windows 2000, for example, introduced support for displaying status messages (including verbose messages that can be turned on through Group Policy) about the current state to the user (e.g. "Applying computer settings."), and starting applications in the user's context; this facilitates restarting Windows Explorer automatically if it crashes, as well as starting the Task Manager. Windows XP introduced support for Fast User Switching, Remote Desktop and a more interactive, simplified and user-friendly full-screen logon.
In Windows Vista, GINA has been replaced by credential providers, which allow for significantly increased flexibility in supporting multiple credential collection methods. To support the use of multiple GINA models, a complex chaining method used to be required and custom GINAs often did not work with fast user switching. GINA libraries do not work with Windows Vista and later Windows versions. One difference, however, is that GINA could completely replace the Windows logon user interface; Credential Providers cannot.[2]