What is the Citrix GINA?

Most people know that when installing MetaFrame Presentation Server, the standard Microsoft GINA is replaced by a Citrix GINA. However, it turns out that a lot of people don’t know exactly what a GINA is and why Citrix does this.

Most people know that when installing MetaFrame Presentation Server, the standard Microsoft GINA is replaced by a Citrix GINA. However, it turns out that a lot of people don’t know exactly what a GINA is and why Citrix does this.

What is a GINA?

The word “GINA” is an acronym for “graphical identification and authentication.” In regular Windows systems, the GINA is a DLL file called msgina.dll that’s responsible for the bit of code that displays the “Press CTRL+ALT+DEL to log on” and that accepts your username and password.

In case the default GINA from Microsoft does not provide all the functionality that a software vendor needs, the default GINA can be replaced with one from the third-party vendor. The most obvious example of this is probably from Novell. When you install Novell’s Client32 software, Microsoft’s default GINA is replaced by one from Novell that adds functionality for authenticating to NDS trees. (When this happens you can see the difference. Novell’s GINA has many more options than Microsoft’s, and it’s red and white instead of blue and gray.)

In technical terms, installing the Novell Client32 configures a system to use a file called nwgina.dll as the GINA instead of the default msgina.dll from Microsoft. The GINA that a particular system uses is configured on a system-wide basis in the following registry location: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVerson\WinLogon. A string value called “GinaDLL” contains the name of the GINA file that the system should use.

Once you install Citrix MetaFrame Presentation Server on a Terminal Server, you’ll see that that registry value is automatically set to “ctxgina.dll,” which is Citrix’s custom GINA.

Why does Citrix replace the default Microsoft GINA?

As we mentioned previously, third-party software vendors can install their own custom GINAs. The custom GINAs can totally replace the default Microsoft GINA, or they can simply augment the Microsoft GINA, adding a few new features here and there. (The specific behavior of a new GINA is dictated by how the GINA is actually written, not by any specific registry key.)

In the case of Citrix’s MetaFrame GINA, Citrix decided to simply add a few new features to Microsoft’s GINA. Basically, they’ve extended it in a way that allows their GINA to intercept any Citrix-specific calls. Standard Microsoft GINA calls are simply handed over to the Microsoft GINA. In a sense, you could say that a MetaFrame Presentation Server makes use of both the Microsoft and Citrix GINAs.

Specifically, Citrix built their own GINA to support the following Citrix functionality:

  • Auto client reconnect / Session Reliability
  • The automatic passing of credentials to the server via ICA
  • Long password support via ICA (greater than 15 characters)
  • UPN (User Principal Name) style logon via ICA

If you choose to edit the registry to change the GINA back to the default Microsoft GINA, then Citrix MetaFrame will still work. However, you’ll lose the advanced functionality specified above.

The only other thing worth mentioning when talking about the GINA is that which GINA a connection uses can be somewhat controlled within that connection’s configuration. For example, within a connection’s properties in the Citrix Connection Configuration utility (double-click the connection name | select the “Advanced” button) there is an checkbox labeled “Use Default NT Authentication.”

Checking that box forces any sessions connecting via that connection to use the default msgina.dll instead of any third party GINA that might be specified in the registry. I’m not exactly sure why you’d want to do that, but the option is there if you want it.

Well, that pretty much sums up all you need to know about the GINA in a MetaFrame Presentation Server environment. There’s not really any action you have to take on this—I just felt that this was good information to have.

Join the conversation

9 comments

Send me notifications when other members comment.

Please create a username to comment.

This message was originally posted by an anonymous visitor on September 12, 2004
Brian,

How does the Metaframe GINA work with both the Novell GINS and the MS Gina? Since Novell has already replaced MS, how then does Metaframe replace it a third time and not break the Novell stuff? Or does it break it...
Cancel
This message was originally posted by Michael Burke on September 13, 2004
Typically, Citrix replaces the GinaDLL entry with ctxgina.dll, then creates a second entry labeled "ctxgina" and puts in whichever GINA is to be used by the server by default (msgina.dll or nwgina.dll).
Cancel
This message was originally posted by Brian Madden on September 13, 2004
That's right. But what's also important to note is that the Citrix GINA (or any third-party GINA) only handles the Citrix-specific calls. Anything else it passes on to the regular GINA. It acts a lot like a filter in this case.
Cancel
This message was originally posted by an anonymous visitor on September 14, 2004
or a "stub" gina as they are known.
Cancel
This message was originally posted by Gus on September 12, 2004
Brian congratulations for this article. It's very very useful for technical people, I aways have people coming to me asking about Citrix authentication and how it works. Thanks for bringing this "wide open" to the public!
Cancel
This message was originally posted by considering vasoftware's gina on September 18, 2004
what if the guys from va-software (va-linux, sourcforge, osdn, ...) would write a gina for windows. i think we then would finally get a vagina.dll

man that would rock my day. keep up the sexor. microsofts software is just too plain and boring. it could really need some sexoring and new stuff.

happy vagina.dll-calling
Cancel
This message was originally posted by an anonymous visitor on December 9, 2004
Way to go!
Cancel
Gina the princess warrior :-)  Thx Brian !!! Nice article
Cancel
muppet!
Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchEnterpriseDesktop

SearchServerVirtualization

SearchVMware

Close