What is a GINA?

Article:TECH106716  |  Created: 1998-01-27  |  Updated: 2006-01-25  |  Article URL http://www.symantec.com/docs/TECH106716
Article Type
Technical Solution

Environment

Issue



You would like general information on what a GINA is and what it is used for.


Solution




Before you begin: pcAnywhere 10.5 does not chain Awgina.dll when installed to Windows 2000 or Windows XP, so the information in this document does not apply. It does, however, apply to pcAnywhere 9.2 and 10.0 when installed under Windows 2000. If you are running Novell Client 4.7, 4.71 or 4.8 with pcAnywhere, please see the document Chaining Novell's GINA to pcAnywhere.

What is a GINA?
When you initially press Ctrl+Alt+Del on a Windows NT system, a logon screen appears. This module is called a GINA, which stands for "Graphical Identification and Authentication." When Microsoft created Windows NT, they meant it to be a secure environment, so you must log on to the NT system before you can do anything else.

The two types of GINAs
  • GINA filter: Adds some additional capabilities to Windows NT, but it does not authenticate the user. You can have multiple GINA filters, as long as each GINA filter can chain to the next GINA filter. There are a number of GINA filters, such as the pcAnywhere AWGINA.DLL, that are available.
  • GINA authenticator: Handles the user authentication. It must be the last GINA called. Most people use one of two GINA authenticators - the Microsoft MSGINA.DLL or the Novell NWGINA.DLL.

Chaining GINAs
Unfortunately, Microsoft does not have a standard for where to store the name of the next GINA in the chain. Most third-party chaining GINAs store the next GINA to chain to in the registry. This means that if another third-party GINA is installed, they can potentially break the GINA chain.
  • Windows NT loads the GINA that is indicated by this Registry value:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
  • If this value is not present, Windows NT loads Microsoft's GINA, MSGINA.DLL.
  • If the pcAnywhere GINA is in use, the value will be:
    :\WINNT\System32\awgina.dll
  • PcAnywhere's AWGINA.DLL loads the next GINA from the registry value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\pcANYWHERE\CurrentVersion\System\GinaDLL.
  • If this registry value does not exist, then it loads Microsoft's MSGINA.DLL.


What does pcAnywhere's GINA do?
The pcAnywhere AWGINA.DLL provides the following functions:
  • Supports the Ctrl+Alt+Del handling by a pcAnywhere host
  • Optimizes the Desktop by turning off the host's background bitmap and screen saver
  • Allows file transfers only when the user has logged into Windows NT
  • Authenticates the user against NT's user list when you select the "Use NT user privileges" options for callers

Security and AWGINA.DLL
Some customers have expressed concern that AWGINA.DLL opens a security hole into Windows NT. This is not true. AWGINA.DLL does not authenticate the user. AWGINA is present only to provide its listed capabilities. Logging on and authenticating the user are the responsibilities of the GINA that AWGINA chains to. If AWGINA does not chain to a GINA that can authenticate you with Windows NT, it is impossible to log on to Windows NT.

Third-party GINAs
Symantec has tested pcAnywhere with a number of third-party GINAs and has not found any problems. If you believe that you are running into a conflict between pcAnywhere and a third-party GINA, please report this to pcAnywhere technical support and the other company's technical support. The conflicts that we have seen relate to the issue of proper chaining. Once the various registry entries are properly configured, most problems no longer occur.

If the pcAnywhere GINA is not loading
If you can boot in to Windows NT, but the pcAnywhere GINA is not loading, it is best to reinstall pcAnywhere. If you are loading several different programs that provide GINA extensions, you may need to load the applications in a particular order so that the various GINAs chain properly. If you cannot boot into Windows NT and you believe that this is due to a GINA issue, please see the document Windows NT 4.0 blue screens due to GINA issue.







Legacy ID



199852785735


Article URL http://www.symantec.com/docs/TECH106716


Terms of use for this information are found in Legal Notices