6.2 GINA Credential Pass-Through

With the Novell SecureLogin Citrix components installed, Novell SecureLogin provides a seamless pass-through of GINA credentials from the client to the server. The GINA credential pass-through operates any time the terminal server presents a GINA login panel. If the credentials that the user used to log in to the client match the credentials of the terminal server, the credentials are automatically passed for the user. If the credentials do not match, Novell SecureLogin captures the error and presents a new login panel for the user to complete. Novell SecureLogin detects which GINA is running on the Citrix server and requests the appropriate information.

For example, if Novell SecureLogin detects that the terminal server has the Novell Client installed, Novell SecureLogin presents the following dialog box:

Figure 6-1 NDS Credentials

After the user completes the dialog box, Novell SecureLogin saves the information as a hidden application (platform) within the Novell SecureLogin datastore directory (and local cache if applicable). The next time the user accesses the terminal server, the credentials are retrieved from the hidden application and seamlessly passed to the terminal server.

Several components are utilized by Novell SecureLogin to perform the GINA pass-through authentication. Depending on the configuration, different modules are required. The credentials are retrieved from the hidden application and seamlessly passed to the terminal server.

6.2.1 What Happens when GINA Pass-Through is Working?

  1. The user boots the workstation.

  2. He or she is prompted to enter the credentials to log in.

    The Novell SecureLogin client interface module captures the login credentials, encrypts them, and stores the details in the workstation registry.

  3. Novell SecureLogin loads on the workstation, reads the encrypted credentials from the registry, and stores the values to the ?sys variable.

  4. The user initiates a Citrix session through the ICA Client, RDP Client, or the SLLauncher.

  5. Novell SecureLogin detects the Citrix session and establishes the virtual channel.

  6. When a login is required within the Citrix session, the Novell SecureLogin client interface modules on the server query the virtual channel for the pass-through credentials.

  7. After the credentials are obtained through the virtual channel, Novell SecureLogin passes the credentials to the configured authentication service.