How to Configure NSL Login to work with ZCM Login

  • 7005947
  • 11-May-2010
  • 30-Apr-2012


Novell SecureLogin
Novell ZENworks 10 Configuration Management


Unable to have a single login that authenticates to NSL, ZCM, and Windows.


For a seamless login to all of these products, the GINA must be set to "NWGINA.DLL".
To do this, ensure that "HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon,GINADLL" is set to "NWGINA.DLL".
NWGINA can run in two modes:  Passive Mode and Non-Passive mode.
1. Passive Mode:

- NWGina creates a GINA chain to MSGINA.
- MSGINA is presented to the user for authentication.
- Windows Authentication happens first. 
- Credentials passed to NWGINA to authenticate to NSL and  ZENworks.
To Enable Passive Mode, create the following registry key:
2.Non-Passive Mode:
 - Completely replace MSGINA.
 - NSL authentication dialog is presented to the user.
 - NSL authentication happens first, then ZENworks Authentication, and finally Windows authentication.
"Non-Passive mode" is the default and NSL and ZCM are installed on the same device and will occur anytime "Passive Mode" it is not explicitly enabled via the registry key above.

Additional Information

Some NSL configurations may require the additional registry key for NSL authentication:

If Novell Client is not used, add the registry key:
HKLM\Software\Protocom\SecureLogin\ForceHKLMandNoDPAPI=1 (DWORD)