Sun Microsystems 3.0.0 user manual Custom external Vrdp authentication


9 Advanced topics

Note: The VirtualBox GINA is implemented as a wrapper around the standard Windows GINA (MSGINA.DLL) so it will most likely not work correctly with 3rd party GINA modules.

To set credentials, use the following command on a running VM:

VBoxManage controlvm "Windows XP" setcredentials "John Doe" "secretpassword" "DOMTEST"

While the VM is running, the credentials can be queried by the VirtualBox GINA module using the VirtualBox Guest Additions device driver. When Windows is in “logged out” mode, the GINA module will constantly poll for credentials and if they are present, a logon will be attempted. After retrieving the credentials, the GINA module will erase them so that the above command will have to be repeated for subsequent logons.

For security reasons, credentials are not stored in any persistent manner and will be lost when the VM is reset. Also, the credentials are “write-only”, i.e. there is no way to retrieve the credentials from the host side. Credentials can be reset from the host side by setting empty values.

Depending on the particular variant of the Windows guest, the following restrictions apply:

1. For Windows XP guests, the logon subsystem has to be configured to use the classical logon dialog as the VirtualBox GINA does not support the XP style welcome dialog.

2. Since Windows Vista, GINA has been replaced with a newer concept. VBoxGINA will not work with Windows Vista or Windows 7; support for these versions will be added in a later version of VirtualBox.

The following command forces VirtualBox to keep the credentials after they were read by the guest and on VM reset:

VBoxManage setextradata "Windows XP" VBoxInternal/Devices/VMMDev/0/Config/KeepCredentials 1

Note that this is a potential security risk as a malicious application running on the guest could request this information using the proper interface.
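
A host-side check for the KeepCredentials setting described above, as an added example that is not part of the VirtualBox manual. It assumes `VBoxManage list vms` prints one `"name" {uuid}` line per VM and that `getextradata` prints `Value: ...` when the key is set; the function names and the `VBOXMANAGE` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: find VMs where KeepCredentials leaves logon credentials
# readable by guest software after the GINA module has consumed them.
# VBOXMANAGE is a hypothetical override so the logic can be run against a stub.
VBOXMANAGE="${VBOXMANAGE:-VBoxManage}"
KEY="VBoxInternal/Devices/VMMDev/0/Config/KeepCredentials"

# Print every registered VM name, one per line.
# Assumes `list vms` prints lines of the form: "name" {uuid}
list_vm_names() {
    "$VBOXMANAGE" list vms | sed -n 's/^"\(.*\)" {[0-9a-fA-F-]*}$/\1/p'
}

# Succeed if the key is set to anything other than 0 for VM $1.
# `getextradata` prints "Value: <v>" when set, "No value set!" otherwise.
# Treating every non-zero value as enabled is a conservative assumption.
keeps_credentials() {
    value=$("$VBOXMANAGE" getextradata "$1" "$KEY" 2>/dev/null |
        sed -n 's/^Value: //p')
    [ -n "$value" ] && [ "$value" != "0" ]
}

# Print the names of flagged VMs; return 1 if any VM is flagged.
audit_keep_credentials() {
    flagged=""
    names=$(list_vm_names)
    while IFS= read -r vm; do
        [ -n "$vm" ] || continue
        if keeps_credentials "$vm"; then
            flagged="${flagged}${vm}
"
        fi
    done <<EOF
$names
EOF
    printf '%s' "$flagged"
    [ -z "$flagged" ]
}

# Restore the default (credentials erased after the guest reads them) by
# deleting the key: setextradata with no value removes it.
clear_keep_credentials() {
    "$VBOXMANAGE" setextradata "$1" "$KEY"
}
```

After sourcing the file on the host, `audit_keep_credentials` lists the affected VMs and returns a non-zero status if there are any.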

9.3 Custom external VRDP authentication

As described in chapter 7.4.4, RDP authentication, page 97, VirtualBox supports arbitrary external modules to perform authentication with its VRDP servers. When the authentication method is set to “external” for a particular VM, VirtualBox calls the library that was specified with VBoxManage setproperty vrdpauthlibrary. This library will be loaded by the VM process on demand, i.e. when the first RDP connection is made by an external client.
