CASA/doc/Readme.txt

412 lines
14 KiB
Plaintext
Raw Normal View History

2005-10-27 22:08:08 +02:00
Common Authentication Service Adapter (CASA)
1.0 Overview
2.0 Documentation
2005-11-24 01:09:10 +01:00
3.0 Known Issues
4.0 Legal Notices
2005-10-27 22:08:08 +02:00
1.0 Overview
Common Authentication Service Adapter (CASA) provides
a common infrastructure for client authentication
across the Linux* and Microsoft* Windows* desktops.
Novell products (such as GroupWise, GroupWise
Messenger, iPrint, Novell iFolder, and the Novell
clients for Windows and Linux) are integrated with the
miCASA interface and can take advantage of the
credential store that provides the cornerstone for
CASA.
The main components of CASA on Linux are:
- CASA Identity Development Kit (IDK): The IDK
provides a set of APIs that application and service
developers can use to write user/application
credentials to the credential store. The IDK APIs
internally store the credentials passed onto them
by the applications in miCASAd. There are C, C++,
C# and Java bindings available for the CASA IDK.
- miCASAd: An active component that starts during
boot time. On Linux, miCASAd is available in the
run-levels 1, 2, 3 and 5. It runs with root
privileges and is active as long as the system is
up. It stores and provides credentials or secrets
based on the Linux user identifier (uid) of the
process that makes the IDK API calls. The
credentials, which are stored by applications in
miCASAd, are maintained only in memory for the
first release. Session-based secrets implies
secrets that are stored in an in-memory cache, are
available only as long as the user is in session on
the desktop, and are destroyed when miCASA daemon
is restarted or the user logs off.
Any PAM module that uses the IDK APIs must set its
effective user id temporarily to that of the user
logging in (the user returned by calling
pam_get_user()), if the credentials need to be
stored against that user. There might be cases
where the user obtained through pam_get_user()
might not be the one against whom the PAM module
actually intends to store credentials.
- Login Credential Capture Module: On Linux, the
login credential capture module is implemented as a
PAM module. This PAM module captures the user's
desktop login credentials and stores them in
miCASAd using the IDK APIs. This PAM module is
placed as the last module in the auth and session
stacks of xdm, gdm, kdm, login and sshd PAM
configuration files. In the auth stack, the
functionality of this module is to store the
credentials in miCASAd and in the session
stack, then closes the user's session with miCASAd.
2.0 Documentation
To read or print the documentation, you need Adobe
Acrobat Reader 4.0
(http://www.adobe.com/prodindex/acrobat/readstep.html)
.
The document in this download was created as a
standalone file; therefore, links to files in other
downloads will not resolve.
The download includes a single file: casa_enu.pdf in
the [install directory]\NDK\doc\casa directory.
2005-11-24 01:09:10 +01:00
3.0 Known issues
- Secrets with IDs using reserved characters may fail.
These will be fixed in a future release. Reserved
characters are
:
\
4.0 Legal Notices
2005-10-27 22:08:08 +02:00
Novell, Inc. makes no representations or warranties
with respect to the contents or use of this
documentation, and specifically disclaims any express
or implied warranties of merchantability or fitness
for any particular purpose. Further, Novell, Inc.
reserves the right to revise this publication and to
make changes to its content, at any time, without
obligation to notify any person or entity of such
revisions or changes.
Further, Novell, Inc. makes no representations or
warranties with respect to any software, and
specifically disclaims any express or implied
warranties of merchantability or fitness for any
particular purpose. Further, Novell, Inc. reserves the
right to make changes to any and all parts of Novell
software, at any time, without any obligation to
notify any person or entity of such changes.
You may not use, export, or re-export this product in
violation of any applicable laws or regulations
including, without limitation, U.S. export regulations
or the laws of the country in which you reside.
Copyright 2005 Novell, Inc. All rights reserved.
Permission is granted to copy, distribute, and/or
modify this document under the terms of the GNU Free
Documentation License (GFDL), Version 1.2 or any later
version, published by the Free Software Foundation
with no Invariant Sections, no Front-Cover Texts, and
no Back-Cover Texts. A copy of the GFDL can be found
at http://www.fsf.org/licenses/fdl.html.
THIS DOCUMENT AND MODIFIED VERSIONS OF THIS DOCUMENT
ARE PROVIDED UNDER THE TERMS OF THE GNU FREE
DOCUMENTATION LICENSE WITH THE FURTHER UNDERSTANDING
THAT:
1. THE DOCUMENT IS PROVIDED ON AN "AS IS" BASIS,
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES
THAT THE DOCUMENT OR MODIFIED VERSION OF THE DOCUMENT
IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR
PURPOSE, OR NON-INFRINGING. THE ENTIRE RISK AS TO THE
QUALITY, ACCURACY, AND PERFORMANCE OF THE DOCUMENT OR
MODIFIED VERSION OF THE DOCUMENT IS WITH YOU. SHOULD
ANY DOCUMENT OR MODIFIED VERSION PROVE DEFECTIVE IN
ANY RESPECT, YOU (NOT THE INITIAL WRITER, AUTHOR OR
ANY CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY
SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF
WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS
LICENSE. NO USE OF ANY DOCUMENT OR MODIFIED VERSION OF
THE DOCUMENT IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS
DISCLAIMER; AND
2. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY,
WHETHER IN TORT (INCLUDING NEGLIGENCE), CONTRACT, OR
OTHERWISE, SHALL THE AUTHOR, INITIAL WRITER, ANY
CONTRIBUTOR, OR ANY DISTRIBUTOR OF THE DOCUMENT OR
MODIFIED VERSION OF THE DOCUMENT, OR ANY SUPPLIER OF
ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY
DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR
CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING,
WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK
STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND
ALL OTHER DAMAGES OR LOSSES ARISING OUT OF OR RELATING
TO USE OF THE DOCUMENT AND MODIFIED VERSIONS OF THE
DOCUMENT, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED
OF THE POSSIBILITY OF SUCH DAMAGES.
Novell, Inc. has intellectual property rights relating
to technology embodied in the product that is
described in this document. In particular, and without
limitation, these intellectual property rights may
include one or more of the U.S. patents listed at
http://www.novell.com/company/legal/patents/ and one
or more additional patents or pending patent
applications in the U.S. and in other countries.
AppNotes is a registered trademark of Novell, Inc.
AppTester is a registered trademark of Novell, Inc. in
the United States.
ASM is a trademark of Novell, Inc.
BorderManager is a registered trademark of Novell,
Inc.
BrainShare is a registered service mark of Novell,
Inc. in the United States and other countries.
C3PO is a trademark of Novell, Inc.
Certified Novell Engineer is a service mark of Novell,
Inc.
Client32 is a trademark of Novell, Inc.
CNE is a registered service mark of Novell, Inc.
ConsoleOne is a registered trademark of Novell, Inc.
Controlled Access Printer is a trademark of Novell,
Inc.
Custom 3rd-Party Object is a trademark of Novell, Inc.
DeveloperNet is a registered trademark of Novell, Inc.
in the United States and other countries.
DirXML is a registered trademark of Novell, Inc.
eDirectory is a trademark of Novell, Inc.
Excelerator is a trademark of Novell, Inc.
exteNd is a trademark of Novell, Inc.
exteNd Director is a trademark of Novell, Inc.
exteNd Workbench is a trademark of Novell, Inc.
FAN-OUT FAILOVER is a trademark of Novell, Inc.
GroupWise is a registered trademark of Novell, Inc. in
the United States and other countries.
Hardware Specific Module is a trademark of Novell,
Inc.
Hot Fix is a trademark of Novell, Inc.
iChain is a registered trademark of Novell, Inc.
Internetwork Packet Exchange is a trademark of Novell,
Inc.
IPX is a trademark of Novell, Inc.
IPX/SPX is a trademark of Novell, Inc.
jBroker is a trademark of Novell, Inc.
Link Support Layer is a trademark of Novell, Inc.
LSL is a trademark of Novell, Inc.
ManageWise is a registered trademark of Novell, Inc.,
in the United States and other countries.
Mirrored Server Link is a trademark of Novell, Inc.
Mono is a registered trademark of Novell, Inc.
MSL is a trademark of Novell, Inc.
My World is a registered trademark of Novell, Inc. in
the United States.
NCP is a trademark of Novell, Inc.
NDPS is a registered trademark of Novell, Inc.
NDS is a registered trademark of Novell, Inc. in the
United States and other countries.
NDS Manager is a trademark of Novell, Inc.
NE2000 is a trademark of Novell, Inc.
NetMail is a registered trademark of Novell, Inc.
NetWare is a registered trademark of Novell, Inc. in
the United States and other countries.
NetWare/IP is a trademark of Novell, Inc.
NetWare Core Protocol is a trademark of Novell, Inc.
NetWare Loadable Module is a trademark of Novell, Inc.
NetWare Management Portal is a trademark of Novell,
Inc.
NetWare Name Service is a trademark of Novell, Inc.
NetWare Peripheral Architecture is a trademark of
Novell, Inc.
NetWare Requester is a trademark of Novell, Inc.
NetWare SFT and NetWare SFT III are trademarks of
Novell, Inc.
NetWare SQL is a trademark of Novell, Inc.
NetWire is a registered service mark of Novell, Inc.
in the United States and other countries.
NLM is a trademark of Novell, Inc.
NMAS is a trademark of Novell, Inc.
NMS is a trademark of Novell, Inc.
Novell is a registered trademark of Novell, Inc. in
the United States and other countries.
Novell Application Launcher is a trademark of Novell,
Inc.
Novell Authorized Service Center is a service mark of
Novell, Inc.
Novell Certificate Server is a trademark of Novell,
Inc.
Novell Client is a trademark of Novell, Inc.
Novell Cluster Services is a trademark of Novell, Inc.
Novell Directory Services is a registered trademark of
Novell, Inc.
Novell Distributed Print Services is a trademark of
Novell, Inc.
Novell iFolder is a registered trademark of Novell,
Inc.
Novell Labs is a trademark of Novell, Inc.
Novell SecretStore is a registered trademark of
Novell, Inc.
Novell Security Attributes is a trademark of Novell,
Inc.
Novell Storage Services is a trademark of Novell, Inc.
Novell, Yes, Tested & Approved logo is a trademark of
Novell, Inc.
Nsure is a registered trademark of Novell, Inc.
Nterprise is a trademark of Novell, Inc.
Nterprise Branch Office is a trademark of Novell, Inc.
ODI is a trademark of Novell, Inc.
Open Data-Link Interface is a trademark of Novell,
Inc.
Packet Burst is a trademark of Novell, Inc.
PartnerNet is a registered service mark of Novell,
Inc. in the United States and other countries.
Printer Agent is a trademark of Novell, Inc.
QuickFinder is a trademark of Novell, Inc.
Red Box is a trademark of Novell, Inc.
Red Carpet is a registered trademark of Novell, Inc.
in the United States and other countries.
Sequenced Packet Exchange is a trademark of Novell,
Inc.
SFT and SFT III are trademarks of Novell, Inc.
SPX is a trademark of Novell, Inc.
Storage Management Services is a trademark of Novell,
Inc.
SUSE is a registered trademark of SUSE AG, a Novell
business.
System V is a trademark of Novell, Inc.
Topology Specific Module is a trademark of Novell,
Inc.
Transaction Tracking System is a trademark of Novell,
Inc.
TSM is a trademark of Novell, Inc.
TTS is a trademark of Novell, Inc.
Universal Component System is a registered trademark
of Novell, Inc.
Virtual Loadable Module is a trademark of Novell, Inc.
VLM is a trademark of Novell, Inc.
Yes Certified is a trademark of Novell, Inc.
ZENworks is a registered trademark of Novell, Inc. in
the United States and other countries.
All third-party trademarks are the property of their
respective owners.