PSU GINA II
7/31/06: The phasing out of PSU GINA at Penn State has been completed. Please read the details here. Departments, colleges, and campuses are strongly urged to consider moving to alternatives this summer, as described in the notice, even though the software will continue to work until July 2006.
Penn State Authentication for Windows 2000 and XP
Contents
- Introduction
- News — current (maybe) news about changes
- Features — overview of what it does
- Installer — the GinaInstaller
- Distribution — about registering for access
- Support — support policies; about the list, L-PSU-Gina@lists.psu.edu
- Login — to log in again to access files and documentation (new registrations have been suspended)
Introduction
GINA (Graphical Interface for Network Authentication) is a replaceable security module for Windows 2000/XP Professional. A version written by CLC staff that authenticates users with their Penn State Access Account had been used in ITS labs for several years until Fall 2001. It is currently being phased out of use.
The PSUGina software facilitates access control on NT and Windows 2000 systems using Penn State Access Accounts. Users do not have to be joined to a local Windows domain. "Generic" domain accounts, usually one per machine, are used. Additional features include:
- Shift-click the legal notice to log in as a specific domain user.
- Detection of removable media when the user logs out.
- Screen saver timeout and automatic logout.
Detailed documentation is available to registered users (see below).
News
4/28/05 — The phase-out announcement was publicized today.
8/6/03 — PSUGina 2.0.2.2 (for W2K) and 2.0.2.2 (for XP) put out today; fixes W2K SP4 incompatibility. The installer package has been updated; download it via the private pages (go to the login page, link above).
Features
All new code (compared to the original PSU gina.dll for NT) has these features:
- Implemented as a "stub"
  - the Microsoft msgina.dll remains intact and is used whenever possible;
  - a registry entry tells the system to call psugina.dll for GINA functions;
  - any function that does not need to be handled by psugina is passed on to msgina.
- Password verification is done by PALS via Windows or DCE
  - a new version of PALS verifies the userid and password and does a user "login" for printing capability with one "light-weight" transaction;
  - if Windows authentication fails for any reason, DCE is used automatically;
  - PALS uses a separate thread for each DCE authentication to get around the timeout problem (this is relatively slow);
  - for high availability, PALS is running on a two-node cluster; each node has redundant network connections; a backup server also has two network adapters, thus there are 4 servers to be tried.
- Can map network shares using the userid and password entered by the user.
- Keeps log files listing all authentications made via PALS that are accessible by the PSU computer security staff. Login and logout records are still added to the local event log as they were with the first version of PSU Gina on NT 4.
- Times out any screen saver
  - Purpose is to protect the user who walks away without logging off.
  - CAC auto-logoff screen saver is no longer needed.
  - Any screen saver with the "Password protected" property will cause a timer to be started; when that timer expires, a prompt for the user's Access Account password is presented; if that timer expires, the user is logged off.
  - Disabled by un-checking "Password protected" for the screen saver, or not using a screen saver.
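The "stub" arrangement above depends on a registry value that names the GINA DLL Winlogon loads. The following Python script is an added example, not part of the PSUGina package or its installer: it reads captured `reg query` output for the standard Winlogon `GinaDLL` value and reports which machines still load psugina.dll, which use the default msgina.dll, and which name something else. Host names and sample output are constructed.

```python
import ntpath
import re

# Standard Winlogon key on Windows 2000/XP; the GinaDLL value names the GINA to load.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
DEFAULT_GINA = "msgina.dll"   # used by Winlogon when no GinaDLL value is set
PSU_GINA = "psugina.dll"      # stub DLL name given on this page

# reg.exe separates name, type and data with tabs or runs of spaces.
VALUE_RE = re.compile(r"^\s*GinaDLL\s+(REG_\w+)\s+(.*\S)\s*$", re.IGNORECASE)

def registered_gina(reg_query_output):
    """Return the GinaDLL data found in `reg query` output, or None if absent."""
    for line in reg_query_output.splitlines():
        m = VALUE_RE.match(line)
        if m:
            return m.group(2)
    return None

def classify(reg_query_output):
    """Return (status, data); status is 'default', 'psugina' or 'unexpected'."""
    data = registered_gina(reg_query_output)
    if data is None:
        return ("default", DEFAULT_GINA)
    # Compare on the file name only, so full paths and mixed case still match.
    name = ntpath.basename(data.strip('"')).lower()
    if name == DEFAULT_GINA:
        return ("default", data)
    if name == PSU_GINA:
        return ("psugina", data)
    return ("unexpected", data)

def audit(outputs):
    """Group host names by the status of their registered GINA."""
    report = {"default": [], "psugina": [], "unexpected": []}
    for host, text in sorted(outputs.items()):
        report[classify(text)[0]].append(host)
    return report

# Constructed sample output, one entry per hypothetical lab host.
SAMPLES = {
    "LAB-01": "    GinaDLL\tREG_SZ\tpsugina.dll\n",
    "LAB-02": "",  # no GinaDLL line in the captured output: value not set
    "LAB-03": r"    GinaDLL    REG_SZ    C:\WINNT\system32\MSGINA.DLL",
    "LAB-04": r"    GinaDLL    REG_SZ    D:\tools\example-gina.dll",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLES).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Any host reported as "unexpected" names a GINA other than the Microsoft default or the PSU stub and should be checked by hand.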
Installer
An installer greatly eases installing PSUGina on systems in a domain from a central server. The user of the installer must have administrative authority for the target machines. The installer:
- Allows easy configuration of local options, such as the Legal Notice text.
- Installs or removes PSUGina from one or more machines in your domain.
- Sets required registry entries.
- Logs all changes to each system.
- Reboots each system when finished.
Distribution
- Access to the code required registration via a web page; a PSU Access Account userid and password are required to register and to access documentation; as announced, the registration of new users has been suspended.
- Part time or student employees need to supply the email address of their supervisor, and the supervisor will be contacted to verify that the person has been given management responsibility for a lab or some group of machines, and should be allowed to download the package. Requests from students without a supervisor's email are ignored.
- Registered users are automatically joined to the L-PSU-GINA mailing list for questions and support.
- We ask that you do not share the package with other administrators, but instead tell them where to go to register for the package so they are on the mailing list.
Support
Please understand that we are not funded or staffed for support and development of this package, and we do not use it in our own labs.
- All questions should be posted to the list, to which you are automatically joined when you register.
- Some tips on checking for connectivity to PALS servers are here.
- This is peer supported software. That is, other people who are using it provide most of the answers to questions. CLC staff monitor the list and answer questions when possible, but often others beat us to it.
- Please note that we are NOT using PSU Gina in our labs after summer 2002 when we converted to XP, so our support of this package is now "lighter" (if that is possible).
- The installer makes it very easy to install and modify registry entries on your lab machines (and thereby completely screw them up).
- You get on the L-PSU-GINA list automatically when you register for the package;
  - that is the only way to subscribe to the list; really; don't send us personal mail to get on the list.
  - write to L-PSU-GINA-request@LISTS.PSU.EDU only to unsubscribe; your access to the software will be removed as well; don't send technical questions to that address.
- No phone calls please!
- Do not mail questions to ITS help desks or anyone else! Post them to the list. See #1.
This site maintained by the Classroom and Lab Computing group of Information Technology Services.
Suggestions and comments about this web site: CLC Webmasters; Other contacts here.
This page was last modified: 1/23/2007 9:15:25 AM.