Changeset 176

Show
Ignore:
Timestamp:
09/08/05 17:41:18 (3 years ago)
Author:
jonsito
Message:

Changelog NEWS and README's updates

Location:
trunk
Files:
3 modified

Legend:

Unmodified
Added
Removed

  • trunk/ChangeLog

    r167 r176  
     108- Sep 2005 
     2        - Fixes to pam_pkcs11.spec 
     3 
    1407- Sep 2005 
    25        - Conditional compilation of pcsc-lite, curl and ldap dependent 

  • trunk/NEWS

    r9 r176  
     112- Sep 2005 
     2        - Finally pam_pkcs11-0.5.3 is out. 
     3        - New mapper API and Docs 
     4        - Full documentation available 
     5        - New mappers: openssh, openssl, ldap, generic and more 
     6 
    1712- Apr 2005 
    28        - Changed name to pam_pkcs11 

  • trunk/doc/README.mappers

    r17 r176  
    99cert-to-user mapping. 
    1010 
    11 pam-pkcs11 cert mappers provides two functions: 
     11pam-pkcs11 cert mappers provides several functions: 
    1212 
    13131- Deduce a login from certificate 
    14142- Test if a login and a certificate match 
     153- Look into the certificate for an specific data 
    1516 
    1617Normal pam-pkcs11 login process involves the following procedures 
    17     - Enter        login 
     18    - Enter login 
    1819    - Ask for PIN 
    1920    - Open and validate certificate 
     
    3738-------------------------------------------- 
    3839 
    39 pam-pkcs11 implements cert mapper in form of dynamic loaded modules. 
     40pam-pkcs11 implements cert mapper in form of several stackable modules. 
     41Most of them are statically linked; those that depends on external 
     42libraries are provided as dynamic loadable ones 
     43 
    4044You can add as many modules as desired, and the system will try all 
    4145of them in turn, until a match succeed, or end of list is reached. 
     
    5357} 
    5458 
     59Unless you are going to use an internal (static) module with 
     60default values, you should provide a entry for every declared mapper 
     61 
    5562"module" entry is mandatory: is tells pam_pkcs11 where to find the 
    56 dynamic library. Additional entries can be defined but are module 
    57 dependent. 
     63dynamic library (or equals to "internal" if static module is used).  
     64Additional entries can be defined but are module dependent. 
    5865 
    5966 
     
    94101         module the mapping between Cert fields and LDAP entries 
    95102 
    96         This mapper is still under development 
     103        This mapper is still under development. Provided one just search 
     104        for certificates, incoming one will ask for "any" certificate 
     105        content 
    97106 
    98 opensc - Search the certificate public key in 
    99                  ${HOME}/.ssh/autorized_keys in a similar way as OpenSC does. 
    100                  When used as login finder, returns "nobody" 
     107opensc - Search the certificate ${HOME}/.ssh/autorized_certificates  
     108        in a similar way as OpenSC does. 
    101109 
    102         this mapper is still under development 
     110openssh - Search the certificate public key in 
     111         ${HOME}/.ssh/autorized_keys in a similar way as OpenSSH does. 
    103112 
    104113mail   - Try to extract an e-mail from the certificate. If found, 
     
    132141krb    - Try to find and use Kerberos Principal Name as login name 
    133142 
    134         This mapper needs to be written 
    135  
    136143uid    - Use Unique ID field (if found) as login name 
    137144 
     
    154161------------------ 
    155162 
    156 Creating new mappers is easy: just read mapper.h file, provide a file 
    157 that exports the required functions, and modify file 
    158 src/mappers/Makefile.am 
     163Creating new mappers is easy: just read provided Mapper API file,  
     164edit skeleton sample files and follow instructions on how to compile 
     165and link 
    159166 
    160 Mapper.h provides default implementation for required exports. They  
    161 should be overriden by user code, but can be used for testing purposes 
    162  
     167Mapper.h provides default implementation for required some functions.  
     168They should be overriden by user code, but can be used for testing purposes 
    163169 
    164170Wish list 
    165171--------- 
    166172 
    167 - Implement ldap and kerberos mappers 
    168173- Implement PKINIT draft protocol for talking to a kerberos server 
    169174- Use MS Universal Principal Name to autenticate against an MS Active 
     
    171176- Implement mail_aliases parsing for mail mapper module 
    172177 
    173  
    174178Further information 
    175179------------------- 
    176180Please, send mail with patches, comments and suggestions to 
    177 Juan Antonio Martinez <jonsito@teleline.es> 
     181Juan Antonio Martinez <jonsito@teleline.es> or even better, to 
     182OpenSC development mailing list opensc-devel@list.opensc.org 
    178183