Sophie

Sophie

distrib > * > cooker > x86_64 > by-pkgid > 96f66ceb9d936689a5c11312d3ec5a6a > files > 18

pam_pkcs11-0.6.8-1.x86_64.rpm

0.6 will be a finish-code release. Fix source tree estructure, 
define devel api and code all to-be-written mappers are task to do

Expected things to be done in 0.6 release:

- Create and Define a pam-pkcs11 mapper API & library. 
  This is mostly done at 0.5.3, but some cleaning is needed. 
  * Create a mapper "devel" package
  * Use OpenSC libp11 pkcs11 library

- Add remote CA's and CRL's lookups
  Actually, CA's and local CRL's are stored as hash dir. Need
  to recode to use URL's as data sources

- Finish mapper coding 
  * opensc:
	- Generic mapping files
	0.5.3 searches in ${HOME}/.eid/authorized_certificates. Needs
	an additional tool to manage a "global" certificate file with
	user mappings
  * openssh:
	- Same as opensc. Hint: use "comment" field on ssh public keys
	to store login name
  * ldap mapper:
	- Allow use of any certificate content to make queries
	- find() function is too expensive when navigate across
	databases of thousand of users. Need to optimize search
	filters.
  * database mapper:
	- Define and create a UnixODBC based database mapper
  * Compile as static all mappers that does not depend on extra
  libraries

- Debian packaging
  Sorry: I only know on RPM packaging. Any volunteer?

0.7 is a try to real-life implementation: MS Active directory
configuration, NSS aware configurations, LDAP settings,
many samples and docs, general cleanups, etc. 

Things to be done in 0.7 release:
- Review all mappers that depends on remote connections.
  * conditional queries instead of getpwent() query loop

- Allow pam-pkcs11 login against MS Active Directory
  * Changes to MS_mapper to real use of UPN Domain
  * Documentation and samples

- Manuals on LDAP, NSS and so installations

- ncurses (gtk?) tool to create/edit mapfiles

0.8 will be a major cleanup: bugfixes, optimizations, pam-session
handling. Most important: pkinit aware pam module is to be scheduled
here

Things to be done in 0.8 release

- Call for pin only when needed
- Use certificate only if available for authentication
- Implement of Kerberos PKINIT specification. Rewrite of kpn mapper
- Check content-type of cert fields instead assume utf-8
- proper handle of free() calls when needed

0.9 will be a preview version. No more items are expected to add, 
just bugfixes and feedbacks from users. 
Perhaps it's time for i18n issues

1.0 That's all folks!

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional