2005-10-27 22:08:08 +02:00

Common Authentication Service Adapter (CASA)

1.0 Overview
2.0 Documentation
3.0 Known Issues
4.0 Legal Notices

1.0 Overview

Common Authentication Service Adapter (CASA) provides a common
infrastructure for client authentication across the Linux* and
Microsoft* Windows* desktops. Novell products (such as GroupWise,
GroupWise Messenger, iPrint, Novell iFolder, and the Novell clients for
Windows and Linux) are integrated with the miCASA interface and can take
advantage of the credential store that provides the cornerstone for
CASA.

The main components of CASA on Linux are:

- CASA Identity Development Kit (IDK): The IDK provides a set of APIs
  that application and service developers can use to write
  user/application credentials to the credential store. The IDK APIs
  internally store the credentials passed to them by the applications
  in miCASAd. There are C, C++, C# and Java bindings available for the
  CASA IDK.

- miCASAd: An active component that starts during boot time. On Linux,
  miCASAd is available in the run-levels 1, 2, 3 and 5. It runs with
  root privileges and is active as long as the system is up. It stores
  and provides credentials or secrets based on the Linux user
  identifier (uid) of the process that makes the IDK API calls. The
  credentials, which are stored by applications in miCASAd, are
  maintained only in memory for the first release. Session-based
  secrets are secrets that are stored in an in-memory cache, are
  available only as long as the user is in session on the desktop, and
  are destroyed when the miCASA daemon is restarted or the user logs
  off.

  Any PAM module that uses the IDK APIs must temporarily set its
  effective user id to that of the user logging in (the user returned
  by calling pam_get_user()) if the credentials need to be stored
  against that user. In some cases the user obtained through
  pam_get_user() might not be the one against whom the PAM module
  actually intends to store credentials.

- Login Credential Capture Module: On Linux, the login credential
  capture module is implemented as a PAM module. This PAM module
  captures the user's desktop login credentials and stores them in
  miCASAd using the IDK APIs. This PAM module is placed as the last
  module in the auth and session stacks of the xdm, gdm, kdm, login and
  sshd PAM configuration files. In the auth stack, this module stores
  the credentials in miCASAd; in the session stack, it closes the
  user's session with miCASAd.
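
Added example (not part of the CASA README or of the CASA code): one way
a PAM module could scope a credential-store call to the target user's
effective uid, as required above, and restore its own identity
afterwards. store_fn, resolve_uid, run_as_euid and record_euid are
hypothetical names; the callback stands in for the real IDK call, and
the caller chooses the uid because pam_get_user() may not name the
intended user.

```c
#include <pwd.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the IDK call a PAM module would make. */
typedef int (*store_fn)(void *ctx);

/* Map a login name (for example the one from pam_get_user()) to a uid.
 * Returns 0 on success, -1 if the name is missing or unknown. */
int resolve_uid(const char *name, uid_t *uid)
{
    struct passwd pw, *res = NULL;
    char buf[4096];

    if (name == NULL ||
        getpwnam_r(name, &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    *uid = pw.pw_uid;
    return 0;
}

/* Run fn with the effective uid set to target, then restore the original.
 * Returns 0 and stores fn's result in *fn_rc; -1 if the switch failed
 * (fn never ran); -2 if the original euid could not be restored, which
 * the caller must treat as fatal. */
int run_as_euid(uid_t target, store_fn fn, void *ctx, int *fn_rc)
{
    uid_t saved = geteuid();

    if (seteuid(target) != 0)
        return -1;
    *fn_rc = fn(ctx);           /* the daemon sees target as the caller's uid */
    if (seteuid(saved) != 0 || geteuid() != saved)
        return -2;              /* never continue under the wrong identity */
    return 0;
}

/* Constructed sample callback: records the euid it ran under. */
int record_euid(void *ctx)
{
    *(uid_t *)ctx = geteuid();
    return 0;
}
```

Only the effective uid is switched, matching what the README requires;
the real and saved uids stay unchanged so the module can switch back.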

2.0 Documentation

To read or print the documentation, you need Adobe Acrobat Reader 4.0
(http://www.adobe.com/prodindex/acrobat/readstep.html).

The document in this download was created as a standalone file;
therefore, links to files in other downloads will not resolve.

The download includes a single file: casa_enu.pdf in the
[install directory]\NDK\doc\casa directory.

3.0 Known Issues

- Secrets with IDs using reserved characters may fail. These will be
  fixed in a future release. Reserved characters are : \

4.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the
contents or use of this documentation, and specifically disclaims any
express or implied warranties of merchantability or fitness for any
particular purpose. Further, Novell, Inc. reserves the right to revise
this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or
changes.

Further, Novell, Inc. makes no representations or warranties with
respect to any software, and specifically disclaims any express or
implied warranties of merchantability or fitness for any particular
purpose. Further, Novell, Inc. reserves the right to make changes to any
and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.

You may not use, export, or re-export this product in violation of any
applicable laws or regulations including, without limitation, U.S.
export regulations or the laws of the country in which you reside.

Copyright 2005 Novell, Inc. All rights reserved. Permission is granted
to copy, distribute, and/or modify this document under the terms of the
GNU Free Documentation License (GFDL), Version 1.2 or any later version,
published by the Free Software Foundation with no Invariant Sections, no
Front-Cover Texts, and no Back-Cover Texts. A copy of the GFDL can be
found at http://www.fsf.org/licenses/fdl.html.

THIS DOCUMENT AND MODIFIED VERSIONS OF THIS DOCUMENT ARE PROVIDED UNDER
THE TERMS OF THE GNU FREE DOCUMENTATION LICENSE WITH THE FURTHER
UNDERSTANDING THAT:

1. THE DOCUMENT IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION,
WARRANTIES THAT THE DOCUMENT OR MODIFIED VERSION OF THE DOCUMENT IS FREE
OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE, OR
NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY, ACCURACY, AND
PERFORMANCE OF THE DOCUMENT OR MODIFIED VERSION OF THE DOCUMENT IS WITH
YOU. SHOULD ANY DOCUMENT OR MODIFIED VERSION PROVE DEFECTIVE IN ANY
RESPECT, YOU (NOT THE INITIAL WRITER, AUTHOR OR ANY CONTRIBUTOR) ASSUME
THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS
DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO
USE OF ANY DOCUMENT OR MODIFIED VERSION OF THE DOCUMENT IS AUTHORIZED
HEREUNDER EXCEPT UNDER THIS DISCLAIMER; AND

2. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT
(INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL THE AUTHOR,
INITIAL WRITER, ANY CONTRIBUTOR, OR ANY DISTRIBUTOR OF THE DOCUMENT OR
MODIFIED VERSION OF THE DOCUMENT, OR ANY SUPPLIER OF ANY OF SUCH
PARTIES, BE LIABLE TO ANY PERSON FOR ANY DIRECT, INDIRECT, SPECIAL,
INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT
LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER
FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER DAMAGES OR LOSSES ARISING
OUT OF OR RELATING TO USE OF THE DOCUMENT AND MODIFIED VERSIONS OF THE
DOCUMENT, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY
OF SUCH DAMAGES.

Novell, Inc. has intellectual property rights relating to technology
embodied in the product that is described in this document. In
particular, and without limitation, these intellectual property rights
may include one or more of the U.S. patents listed at
http://www.novell.com/company/legal/patents/ and one or more additional
patents or pending patent applications in the U.S. and in other
countries.

AppNotes is a registered trademark of Novell, Inc.
AppTester is a registered trademark of Novell, Inc. in the United States.
ASM is a trademark of Novell, Inc.
BorderManager is a registered trademark of Novell, Inc.
BrainShare is a registered service mark of Novell, Inc. in the United States and other countries.
C3PO is a trademark of Novell, Inc.
Certified Novell Engineer is a service mark of Novell, Inc.
Client32 is a trademark of Novell, Inc.
CNE is a registered service mark of Novell, Inc.
ConsoleOne is a registered trademark of Novell, Inc.
Controlled Access Printer is a trademark of Novell, Inc.
Custom 3rd-Party Object is a trademark of Novell, Inc.
DeveloperNet is a registered trademark of Novell, Inc. in the United States and other countries.
DirXML is a registered trademark of Novell, Inc.
eDirectory is a trademark of Novell, Inc.
Excelerator is a trademark of Novell, Inc.
exteNd is a trademark of Novell, Inc.
exteNd Director is a trademark of Novell, Inc.
exteNd Workbench is a trademark of Novell, Inc.
FAN-OUT FAILOVER is a trademark of Novell, Inc.
GroupWise is a registered trademark of Novell, Inc. in the United States and other countries.
Hardware Specific Module is a trademark of Novell, Inc.
Hot Fix is a trademark of Novell, Inc.
iChain is a registered trademark of Novell, Inc.
Internetwork Packet Exchange is a trademark of Novell, Inc.
IPX is a trademark of Novell, Inc.
IPX/SPX is a trademark of Novell, Inc.
jBroker is a trademark of Novell, Inc.
Link Support Layer is a trademark of Novell, Inc.
LSL is a trademark of Novell, Inc.
ManageWise is a registered trademark of Novell, Inc., in the United States and other countries.
Mirrored Server Link is a trademark of Novell, Inc.
Mono is a registered trademark of Novell, Inc.
MSL is a trademark of Novell, Inc.
My World is a registered trademark of Novell, Inc. in the United States.
NCP is a trademark of Novell, Inc.
NDPS is a registered trademark of Novell, Inc.
NDS is a registered trademark of Novell, Inc. in the United States and other countries.
NDS Manager is a trademark of Novell, Inc.
NE2000 is a trademark of Novell, Inc.
NetMail is a registered trademark of Novell, Inc.
NetWare is a registered trademark of Novell, Inc. in the United States and other countries.
NetWare/IP is a trademark of Novell, Inc.
NetWare Core Protocol is a trademark of Novell, Inc.
NetWare Loadable Module is a trademark of Novell, Inc.
NetWare Management Portal is a trademark of Novell, Inc.
NetWare Name Service is a trademark of Novell, Inc.
NetWare Peripheral Architecture is a trademark of Novell, Inc.
NetWare Requester is a trademark of Novell, Inc.
NetWare SFT and NetWare SFT III are trademarks of Novell, Inc.
NetWare SQL is a trademark of Novell, Inc.
NetWire is a registered service mark of Novell, Inc. in the United States and other countries.
NLM is a trademark of Novell, Inc.
NMAS is a trademark of Novell, Inc.
NMS is a trademark of Novell, Inc.
Novell is a registered trademark of Novell, Inc. in the United States and other countries.
Novell Application Launcher is a trademark of Novell, Inc.
Novell Authorized Service Center is a service mark of Novell, Inc.
Novell Certificate Server is a trademark of Novell, Inc.
Novell Client is a trademark of Novell, Inc.
Novell Cluster Services is a trademark of Novell, Inc.
Novell Directory Services is a registered trademark of Novell, Inc.
Novell Distributed Print Services is a trademark of Novell, Inc.
Novell iFolder is a registered trademark of Novell, Inc.
Novell Labs is a trademark of Novell, Inc.
Novell SecretStore is a registered trademark of Novell, Inc.
Novell Security Attributes is a trademark of Novell, Inc.
Novell Storage Services is a trademark of Novell, Inc.
Novell, Yes, Tested & Approved logo is a trademark of Novell, Inc.
Nsure is a registered trademark of Novell, Inc.
Nterprise is a trademark of Novell, Inc.
Nterprise Branch Office is a trademark of Novell, Inc.
ODI is a trademark of Novell, Inc.
Open Data-Link Interface is a trademark of Novell, Inc.
Packet Burst is a trademark of Novell, Inc.
PartnerNet is a registered service mark of Novell, Inc. in the United States and other countries.
Printer Agent is a trademark of Novell, Inc.
QuickFinder is a trademark of Novell, Inc.
Red Box is a trademark of Novell, Inc.
Red Carpet is a registered trademark of Novell, Inc. in the United States and other countries.
Sequenced Packet Exchange is a trademark of Novell, Inc.
SFT and SFT III are trademarks of Novell, Inc.
SPX is a trademark of Novell, Inc.
Storage Management Services is a trademark of Novell, Inc.
SUSE is a registered trademark of SUSE AG, a Novell business.
System V is a trademark of Novell, Inc.
Topology Specific Module is a trademark of Novell, Inc.
Transaction Tracking System is a trademark of Novell, Inc.
TSM is a trademark of Novell, Inc.
TTS is a trademark of Novell, Inc.
Universal Component System is a registered trademark of Novell, Inc.
Virtual Loadable Module is a trademark of Novell, Inc.
VLM is a trademark of Novell, Inc.
Yes Certified is a trademark of Novell, Inc.
ZENworks is a registered trademark of Novell, Inc. in the United States and other countries.

All third-party trademarks are the property of their respective owners.