Environment
Windows 2003 Server with Terminal Services
Novell SecureLogin
NSL6.1
RSA Token Login
Novell SecureLogin
NSL6.1
RSA Token Login
Situation
How do you set up the GINA Chain with RSA and SecureLogin?
How do you configure a Windows Server to use both an RSA Token login and NSL Passthrough?
RSA token login fails after installing SecureLogin
NSL passthrough fails after installing RSA Token Login
Last one of the two installed works.
How do you configure a Windows Server to use both an RSA Token login and NSL Passthrough?
RSA token login fails after installing SecureLogin
NSL passthrough fails after installing RSA Token Login
Last one of the two installed works.
Resolution
Implement GINA chaining. Edit the registry to first call the RSA GINA, and then the SecureLogin GINA (note, the SecureLogin GINA simply allows for passthough authentication as explained in tid 7000950.
In HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, associate GinaDLL with sdgina.dll (the RSA GINA), and SDNextGina with sl_tsgina.dll (the SecureLogin passthrough GINA). When finished with its own operations, SL_tsgina will call msgina.dll by default. The registry should look like this:
If sl_tsgina.dll should NOT call msgina, i.e. there is another GINA such as CTXGina (Citrix) in the chain, add ProtocomPassthroughdll to the registry and point it to the next gina in the chain, as shown:
In the above example,
1. GinaDll calls sdgina as the first gina in the chain.
2. SDNextGina points to sl_tsgina, the second gina in the chain.
3. ProtocomPassthroughDll points to ctxgina, third in the chain.
4. CTXGina finally calls msgina as the fourth and last gina in the chain.
In HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, associate GinaDLL with sdgina.dll (the RSA GINA), and SDNextGina with sl_tsgina.dll (the SecureLogin passthrough GINA). When finished with its own operations, SL_tsgina will call msgina.dll by default. The registry should look like this:
If sl_tsgina.dll should NOT call msgina, i.e. there is another GINA such as CTXGina (Citrix) in the chain, add ProtocomPassthroughdll to the registry and point it to the next gina in the chain, as shown:
In the above example,
1. GinaDll calls sdgina as the first gina in the chain.
2. SDNextGina points to sl_tsgina, the second gina in the chain.
3. ProtocomPassthroughDll points to ctxgina, third in the chain.
4. CTXGina finally calls msgina as the fourth and last gina in the chain.