Introduction
Winlogon is the component of Microsoft® Windows NT™ that provides interactive logon support. To allow for ISV and developer modifications to the interactive logon model, some aspects of Winlogon are replaceable. In particular, the identification and authentication aspects of Winlogon are implemented in a replaceable DLL. This replaceable DLL is referred to as the Graphical Identification and Authentication DLL, or GINA. GINA allows developers to implement smart-card, retinal scan, or other authentication mechanisms in place of the standard Windows NT user name/password authentication. This document provides a programmer's reference for anyone who needs to implement such a replacement DLL. The primary goal of this document is to describe what functionality is expected of or can be achieved by the various components involved in interactive logon. In other words, what does Winlogon take care of, what must a GINA developer take care of, and what else is there?
Readers of this document should have a firm knowledge of the Windows NT security architecture, especially with regard to tokens, authentication packages, and related matters.