9 Advanced topics
Note:
The VirtualBox GINA is implemented as a wrapper around the standard
Windows GINA (
MSGINA.DLL
) so it will most likely not work correctly with
3rd party GINA modules.
To set credentials, use the following command on a
running
VM:
VBoxManage controlvm "Windows XP"
setcredentials "John Doe" "secretpassword" "DOMTEST"
While the VM is running, the credentials can be queried by the VirtualBox GINA
module using the VirtualBox Guest Additions device driver. When Windows is in
“logged out” mode, the GINA module will constantly poll for credentials and if they are
present, a logon will be attempted. After retrieving the credentials, the GINA module
will erase them so that the above command will have to be repeated for subsequent
logons.
For security reasons, credentials are not stored in any persistent manner and will be
lost when the VM is reset. Also, the credentials are “write-only”, i.e. there is no way to
retrieve the credentials from the host side. Credentials can be reset from the host side
by setting empty values.
Depending on the particular variant of the Windows guest, the following restrictions
apply:
1. For
Windows XP guests,
the logon subsystem has to be configured to use the
classical logon dialog as the VirtualBox GINA does not support the XP style wel-
come dialog.
2. Since
Windows Vista,
GINA has been replaced with a newer concept. VBoxGINA
will not work with Windows Vista or Windows 7; support for these versions will
be added in a later version of VirtualBox.
The following command forces VirtualBox to keep the credentials after they were
read by the guest and on VM reset:
VBoxManage setextradata "Windows XP"
VBoxInternal/Devices/VMMDev/0/Config/KeepCredentials 1
Note that this is a potential security risk as a malicious application running on the
guest could request this information using the proper interface.
9.3 Custom external VRDP authentication
As described in chapter
7.4.4
,
RDP authentication
, page
97
, VirtualBox supports arbi-
trary external modules to perform authentication with its VRDP servers. When the au-
thentication method is set to “external” for a particular VM, VirtualBox calls the library
that was specified with
VBoxManage setproperty vrdpauthlibrary
. This li-
brary will be loaded by the VM process on demand, i.e. when the first RDP connection
is made by an external client.
129