Passive Mode Login is new functionality added to Novell Client 4.91 SP3. In passive mode, Novell Client defers to the default MS GINA for the initial Windows login. After authentication to the workstation, Novell Client attempts to authenticate to the Novell environment. The functionality was added to Novell Client to allow environments that use Windows AD smart card authentication to function correctly. It allows the smart card to be used to authenticate to AD and eDirectory.
In passive mode, the Windows user name used for workstation authentication is also used for eDirectory authentication. In order to successfully authenticate, the user name must exist in eDirectory, and the client's default location profile must be properly configured with the Tree and Context information.
To enable passive mode login, the following registry keys must be set:
Registry Setting Descriptions:
The following is additional information regarding the Novell Client's passive mode and the method:
If PassiveModeNDSLoginRequired is set to True (1), the login succeeds only if the Novell authentication is successful.
Login scripts are not processed by NWGINA in passive mode. The workaround is to run them after the GINA login. You can do this by placing a run entry in the registry or you can create an entry in the startup file for Novell login:
In passive mode, the method's card monitoring functionality does not work when set to
on card removal. This is because MSGINA (not NWGINA) is used for the workstation Lock/Unlock functionality.