New files.

auth_token/client/README

@@ -0,0 +1,67 @@
+/***********************************************************************
+ *
+ *  README for libcasa_c_authtoken
+ *
+ ***********************************************************************/
+
+INTRODUCTION
+
+libcasa_c_authtoken is the client auth_token engine. It is responsible for
+interacting with ATSs, invoking the authentication mechanism plug-ins, and
+managing the authentication token cache. libcasa_c_authtoken also provides
+the Get Authentication Token API.
+
+CONFIGURING ADDITIONAL AUTHENTICATION MECHANISM MODULES
+
+libcasa_c_authtoken utilizes mechanism plug-ins for authenticating to ATSs.
+The client auth_token package installs mechanisms for the support of Kerberos5
+and Username/Password authentication. To configure additional authentication mechanism
+plug-ins, place their configuration file in the folder for CASA Authentication Token module
+configuration. The path to this folder under linux is /etc/opt/novell/CASA/authtoken.d/modules.d.
+The path to this folder under Windows is \Program Files\novell\CASA\auth\mechanisms. The name of
+the plug-in configuration file is related to the authentication mechanism type in the following
+manner: AuthenticationMechanismTypeName.conf.
+
+Authentication Mechanism plug-in configuration files must must contain a directive indicating the
+path to the library implementing the Authentication Mechanism (See the configuration file
+for the Kr5Authenticate plug-in for an example).
+
+CLIENT APPLICATION PROGRAMMING NOTES
+
+The Get CASA Authentication Token API is defined in casa_c_authtoken.h.
+
+The API consists of a call to obtain authentication tokens. The caller must supply the name of the
+service to which it wants to authenticate along with the name of the host where it resides. The
+returned authentication token is a Base64 encoded string.
+
+Applications utilizing CASA Authentication Tokens as passwords in protocols that require the
+transfer of user name and password credentials should verify or remove any password length limits
+as the length of CASA Authentication Tokens may be over 1K bytes. The size of the CASA Authentication
+Tokens is directly dependent on the amount of identity information configured as required by the
+consuming service. These applications should also set the user name to "CasaPrincipal".
+
+For examples of code which uses the Get CASA Authentication Token API look at the test application
+under the test folder.
+
+AUTHENTICATION MECHANISM PROGRAMMING NOTES
+
+The Authentication Mechanism API is defined in mech_if.h.
+
+For example implementations see the code for the krb5 and the pwd mechanisms.
+
+SECURITY CONSIDERATIONS
+
+CASA Authentication Tokens when compromised can be used to either impersonate
+a user or to obtain identity information about the user. Because of this it is
+important that the tokens be secured by applications making use of them. It is
+recommended that the tokens be transmitted using SSL.
+ 
+
+
+
+                
+
+
+
+
+

auth_token/client/TODO

@@ -0,0 +1,18 @@
+/***********************************************************************
+ *
+ *  TODO for libcasa_c_authtoken
+ *
+ ***********************************************************************/
+
+INTRODUCTION
+
+This file contains a list of the items still outstanding for libcasa_c_authtoken.
+
+OUTSTANDING ITEMS
+
+- Implementation of Linux specific code.
+- Re-structure the token cache to differentiate between Session Tokens and Authentication Tokens.
+- Use the CASA cache as the token store.
+- Switch Client/Server protocol to use SOAP Messages.
+- Enable communications over HTTPS instead of over HTTP.
+