| 1 | 0.6 will be a finish-code release. Fix source tree estructure, |
|---|
| 2 | define devel api and code all to-be-written mappers are task to do |
|---|
| 3 | |
|---|
| 4 | Expected things to be done in 0.6 release: |
|---|
| 5 | |
|---|
| 6 | - Create and Define a pam-pkcs11 mapper API & library. |
|---|
| 7 | This is mostly done at 0.5.3, but some cleaning is needed. |
|---|
| 8 | * Create a mapper "devel" package |
|---|
| 9 | * Use OpenSC libp11 pkcs11 library |
|---|
| 10 | |
|---|
| 11 | - Add remote CA's and CRL's lookups |
|---|
| 12 | Actually, CA's and local CRL's are stored as hash dir. Need |
|---|
| 13 | to recode to use URL's as data sources |
|---|
| 14 | |
|---|
| 15 | - Finish mapper coding |
|---|
| 16 | * opensc: |
|---|
| 17 | - Generic mapping files |
|---|
| 18 | 0.5.3 searches in ${HOME}/.eid/authorized_certificates. Needs |
|---|
| 19 | an additional tool to manage a "global" certificate file with |
|---|
| 20 | user mappings |
|---|
| 21 | * openssh: |
|---|
| 22 | - Same as opensc. Hint: use "comment" field on ssh public keys |
|---|
| 23 | to store login name |
|---|
| 24 | * ldap mapper: |
|---|
| 25 | - Allow use of any certificate content to make queries |
|---|
| 26 | - find() function is too expensive when navigate across |
|---|
| 27 | databases of thousand of users. Need to optimize search |
|---|
| 28 | filters. |
|---|
| 29 | * database mapper: |
|---|
| 30 | - Define and create a UnixODBC based database mapper |
|---|
| 31 | * Compile as static all mappers that does not depend on extra |
|---|
| 32 | libraries |
|---|
| 33 | |
|---|
| 34 | - Debian packaging |
|---|
| 35 | Sorry: I only know on RPM packaging. Any volunteer? |
|---|
| 36 | |
|---|
| 37 | 0.7 is a try to real-life implementation: MS Active directory |
|---|
| 38 | configuration, NSS aware configurations, LDAP settings, |
|---|
| 39 | many samples and docs, general cleanups, etc. |
|---|
| 40 | |
|---|
| 41 | Things to be done in 0.7 release: |
|---|
| 42 | - Review all mappers that depends on remote connections. |
|---|
| 43 | * conditional queries instead of getpwent() query loop |
|---|
| 44 | |
|---|
| 45 | - Allow pam-pkcs11 login against MS Active Directory |
|---|
| 46 | * Changes to MS_mapper to real use of UPN Domain |
|---|
| 47 | * Documentation and samples |
|---|
| 48 | |
|---|
| 49 | - Manuals on LDAP, NSS and so installations |
|---|
| 50 | |
|---|
| 51 | - ncurses (gtk?) tool to create/edit mapfiles |
|---|
| 52 | |
|---|
| 53 | 0.8 will be a major cleanup: bugfixes, optimizations, pam-session |
|---|
| 54 | handling. Most important: pkinit aware pam module is to be scheduled |
|---|
| 55 | here |
|---|
| 56 | |
|---|
| 57 | Things to be done in 0.8 release |
|---|
| 58 | |
|---|
| 59 | - Call for pin only when needed |
|---|
| 60 | - Use certificate only if available for authentication |
|---|
| 61 | - Implement of Kerberos PKINIT specification. Rewrite of kpn mapper |
|---|
| 62 | - Check content-type of cert fields instead assume utf-8 |
|---|
| 63 | - proper handle of free() calls when needed |
|---|
| 64 | |
|---|
| 65 | 0.9 will be a preview version. No more items are expected to add, |
|---|
| 66 | just bugfixes and feedbacks from users. |
|---|
| 67 | Perhaps it's time for i18n issues |
|---|
| 68 | |
|---|
| 69 | 1.0 That's all folks! |
|---|
