In releases prior to Windows Vista, the customization of interactive user logon was done by creating a custom GINA. Users entered their authentication credentials in the logon UI and GINA passed this information to Winlogon for authentication. However, because GINAs do more than pass authentication information, they are typically difficult to implement.
Windows Vista introduced a new authentication model where the logon UI and Winlogon talk directly with each other. A credential provider is a module that plugs into the logon UI and describes the credential information required for the login UI to render and to communicate with an external authentication provider. After the credential provider gathers the credential information, it passes the final credentials to Winlogon.
There are two basic types of credential providers: standard authentication and Pre-Logon Access Providers (PLAP). Standard authentication includes password-based or certificate-based credentials. A PLAP is a special type of credential provider that allows users to make a network connection before logging in to their system. The two types also differ in timeout: PLAP credentials have no timeout, whereas standard credentials typically have a 120-second timeout.
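Because every credential provider is a module loaded into the logon UI, it is worth knowing exactly which ones a machine has registered. The following PowerShell is an added example, not part of the original documentation: it lists standard and PLAP providers, resolves each to its DLL and checks the DLL's signature. It assumes the standard Windows registry locations for provider registration, which this page does not itself name.

```powershell
# Added example: inventory registered credential providers (standard and PLAP).
# Assumption: providers are registered as CLSID subkeys under the two
# Authentication keys below, the standard Windows locations (not from this page).
$authRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication'
$kinds = [ordered]@{
    'Standard' = 'Credential Providers'
    'PLAP'     = 'PLAP Providers'
}

$inventory = foreach ($kind in $kinds.Keys) {
    $path = Join-Path $authRoot $kinds[$kind]
    if (-not (Test-Path -LiteralPath $path)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $path) {
        $clsid = $key.PSChildName

        # Resolve the CLSID to the DLL that the logon UI will load.
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }

        # Check the signature only when the DLL path resolves to a real file.
        $status = 'NotChecked'
        $signer = $null
        if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $dll
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Type      = $kind
            Clsid     = $clsid
            Name      = $key.GetValue('')                   # default value: friendly name
            Disabled  = ($key.GetValue('Disabled', 0) -eq 1)
            Dll       = $dll
            Signature = $status
            Signer    = $signer
        }
    }
}

# Show PLAP entries and anything without a valid signature first for review.
$inventory |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Type |
    Format-Table Type, Name, Disabled, Signature, Dll -AutoSize
```

Run it from an elevated prompt and compare the output against the providers you expect to be installed; an entry whose DLL is missing, unsigned or outside the expected install directories deserves a closer look.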
The VPN tunneling credential provider is a PLAP provider. This provider is visible only if the system is configured as part of a domain. The VPN tunneling provider creates a network connection. If the user’s credentials are the same as the domain credentials (SSO), the credential information is entered only once. If the user’s credentials are not the same as the domain credentials, the user selects another credential provider for domain authentication.
After a user logs in through VPN tunneling credential providers, the user has 5 minutes to log in to Vista either through single sign-on or through another credential provider. After the user logs into Vista, VPN tunneling attaches to the tunnel. If the user does not log in to Vista within 5 minutes, the VPN tunneling tunnel is disconnected.
To install the VPN tunneling credential provider,
To use the credential provider:
You should see the Network logon icon. If you see only the Windows user standard tiles, click the Switch user option under the standard Windows credential tiles to see the Network logon icon.
VPN tunneling signs the user in to the default URL and proxy server in config.ini.
Note: If your Connect Secure credential is not the same as your Windows domain credential, an alert box appears. Click OK and enter your Connect Secure credentials in the login window that appears. The window also contains an option button to launch another window to enter a URL, proxy server, and so forth.
The VPN tunneling credential provider supports the following authentication providers: local authentication, LDAP, RADIUS (UN/PWD only), NIS, ADS and Dial-up connection. In addition, the smart card credential provider supports certificate login.