Brought up to date the README and TODO files.

This commit is contained in:
Juan Carlos Luciani 2006-10-10 14:47:19 +00:00
parent ac412cb2cd
commit 18e290e209
28 changed files with 567 additions and 64 deletions

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for auth_token
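Review bot: the closing sentence of the license notice, "You should have received a copy of the GNU Lesser General Public License along with this library; if not, Novell, Inc." is cut off and never says what to do when the copy is missing; the LGPL boilerplate normally continues with where the license can be obtained (the Free Software Foundation). The same truncated header is pasted into every README touched by this commit, so fix the template once and re-apply it. Also "GNU Library Lesser General Public License" mixes the old "Library GPL" name with "Lesser"; use "GNU Lesser General Public License" consistently.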
@ -45,7 +68,7 @@ cached. Once the client is authenticated to the ATS, it then requests Authentica
Tokens from it using the obtained Session Token. When an ATS receives a request for
an Authentication Token, it then verifies the validity of the received Session Token
and then it creates the appropriate Identity Token for the target service which it then
embeds within the Authentication Token. The indentity information contained in the
embeds within the Authentication Token. The identity information contained in the
Identity Token as well as the type of Identity Token utilized depends on what is
configured for the tatget service.
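Review bot: the changed line fixes "indentity", but the following context line still reads "configured for the tatget service"; change "tatget" to "target" in the same edit.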

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for auth_token
@ -45,7 +68,7 @@ cached. Once the client is authenticated to the ATS, it then requests Authentica
Tokens from it using the obtained Session Token. When an ATS receives a request for
an Authentication Token, it then verifies the validity of the received Session Token
and then it creates the appropriate Identity Token for the target service which it then
embeds within the Authentication Token. The indentity information contained in the
embeds within the Authentication Token. The identity information contained in the
Identity Token as well as the type of Identity Token utilized depends on what is
configured for the tatget service.
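Review bot: "tatget" in the last line of this hunk should read "target"; only the "indentity" typo on the preceding line was corrected in this copy of the auth_token README.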

View File

@ -13,5 +13,4 @@ details outstanding items at the project level.
OUTSTANDING ITEMS
- Plug-in auth_token into the CASA make system.
None.

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Tue Oct 10 08:45:22 MDT 2006 - jluciani@novell.com
- Brought up to date the README and TODO files.
-------------------------------------------------------------------
Thu Sep 21 15:41:18 MDT 2006 - jluciani@novell.com

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for JaasSupport

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for AuthTokenSvc
@ -19,10 +42,10 @@ Identity Token Providers for the generation of Identity Tokens.
ENVIRONMENT SETTINGS
The following options must be set in the JAVA_OPTS setting before starting Tomcat
to allow the Kerberos authentication mechanism to work properly:
The following options must be set in the JAVA_OPTS environment variable before
starting Tomcat to allow the Kerberos authentication mechanism to work properly
with Sun's Java:
-Djavax.security.auth.useSubjectCredsOnly=false
-Djava.security.auth.login.config={replace with the path for JAAS configuration
file for the service}
@ -46,12 +69,19 @@ com.sun.security.auth.module.Krb5LoginModule required
Please adjust the ticketCache and principal setting to match your installation.
By default, AuthTokenSvc reads its configuration from the "conf" folder under
the WEB-INF folder of the Tomcat Web Application ($CATALINA_HOME/webapps/CasaAuthTokenSvc/WEB-INF/conf).
This can be over-ridden by setting the following option in the JAVA_OPTS environment variable:
-Dcom.novell.casa.authtoksvc.config={replace with the path to the configuration
folder}
CONFIGURATION
AuthTokenSvc configuration consists of multiple entities. Most of the AuthTokenSvc
configuration is contained within the "conf" folder under the WEB-INF folder of the
application. For an example configuration setup for the AuthTokenSvc see the
sampleConf folder.
AuthTokenSvc configuration consists of multiple entities. The authTokenSvc configuration
is contained within the "conf" folder under the WEB-INF folder of the application
($CATALINA_HOME/webapps/CasaAuthTokenSvc/WEB-INF/conf). For an example configuration setup
for the AuthTokenSvc see the sampleConf folder.
The location of the AuthTokenSvc configuration folder can be over-ridden by specifying
a different path via the com.novell.casa.authtoksvc.config system property.
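Review bot: the override of the configuration folder is documented twice in this hunk, first as the "-Dcom.novell.casa.authtoksvc.config={...}" JAVA_OPTS option and again at the end as "can be over-ridden by specifying a different path via the com.novell.casa.authtoksvc.config system property"; keep one description (the one that shows the exact option) and drop the other. Also "over-ridden" should be "overridden", and "authTokenSvc configuration" should use the same capitalisation as the rest of the file, "AuthTokenSvc".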
@ -60,7 +90,7 @@ CONFIGURING THE BASE SERVICE
The ATS base settings are configured in the svc.settings file under the conf folder.
Thhe following is an example svc.settings file:
The following is an example svc.settings file:
<?xml version="1.0" encoding="ISO-8859-1"?>
<settings>
@ -111,22 +141,41 @@ Note the following about the sample svc.settings file:
- The KeyStorePwd setting specifies the password of the user specified by KeyStoreUser to get
the private signing key from the keystore.
ATSs digitally sign tokens, for this purpose it is necessary that keys be generated and installed
in a keystore whose location and properties are configured in the crypto.properties file present in
the "classes" folder under the WEB-INF folder of the AuthTokenSvc application
($CATALINA_HOME/webapps/CasaAuthTokenSvc/WEB-INF/classes). Please note that you must edit the
crypto.properties file with the appropriate information once the AuthTokenSvc is deployed to
a Tomcat server.
CONFIGURING SERVICES TO CONSUME CASA AUTHENTICATION TOKENS
Services are configured to consume CASA authentication tokens by creating folders
under the conf/enabled_services folders. Since CASA distinguishes between services
By default, an ATS will issue CASA authentication tokens to be consumed by any service
not explicitedly configured as a consumer in the ATS's configuration. This default
behavior can be turned off by setting the following system property in the JAVA_OPTS
environment variable:
-Dcom.novell.casa.authtoksvc.enabled_svcs_only=true
Services explicitedly configured as consumers of CASA authentication tokens by creating
folders under the conf/anabled_services folder. Since CASA distinguishes between services
of the same name existing in different hosts, the first folder that must be created
is one for the host where the service resides. The host folder name must match the
DNS name of the host where the service resides. Services are configured by creating
a folder under the appropriate host folder with a name matching the service name.
DNS name of the host where the service resides unless the service resides in the same
host as the ATS in which case the host folder name must be "localhost". Services are
configured by creating a folder under the appropriate host folder with a name matching
the service name.
Note when configuring services that the service name and the host names must match
the service and host names specified by the client applications when requesting
tokens to authenticate to them.
Note when configuring services that the service folder and the host folder names must match
the service and host names specified by the client applications when requesting tokens to
authenticate to them with the exception of when the service resides in the same host as the
ATS in which case the host folder name is "localhost" and the host name specified by the
application is the host's DNS name.
The services folder must contain an auth.policy file, an authtoken.settings file,
and an identoken.settings file. In the absence of any one of those files, the ATS
will default to utilizing the files present under its conf folder.
and an identoken.settings file. In the absence of any one of those files or if the service
is not explicitedly configured, the ATS will default to utilizing the files present under
its conf folder.
The auth.policy file specifies the authentication realms (or contexts) to which
entities can authenticate to gain access to the service. The auth.policy file also
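Review bot: "folders under the conf/anabled_services folder" is a typo for "enabled_services"; since this is the literal folder name an administrator must create, a reader following the text will create a folder the ATS never reads and the service will silently fall back to the default settings. "explicitedly" appears three times and should be "explicitly". On the default behaviour described here (an ATS issues tokens for any service not configured under enabled_services, using the auth.policy, authtoken.settings and identoken.settings from its conf folder), say plainly that the attributes listed in the default identoken.settings are therefore released for whatever service name a client asks for, and recommend -Dcom.novell.casa.authtoksvc.enabled_svcs_only=true for production deployments.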
@ -140,7 +189,7 @@ The following is an example auth.policy file:
<auth_source>
<realm>CorpTree</realm>
<mechanism>Krb5Authenticate</mechanism>
<mechanism_info>host@tokenserver.company.novell.com</mechanism_info>
<mechanism_info>host/tokenserver.company.novell.com@KRB_REALM</mechanism_info>
</auth_source>
<auth_source>
<realm>CorpTree</realm>
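Review bot: the sample auth.policy now sets mechanism_info to "host/tokenserver.company.novell.com@KRB_REALM"; mark KRB_REALM as a placeholder to be replaced (the other values in the sample read like real names), and since the notes below the sample say Krb5Authenticate defaults the service principal name, state in the sample whether this entry is required or only an override.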
@ -167,8 +216,8 @@ Note the following about the sample auth.policy file:
specified for an auth_source entry.
- The name of the Krb5 Authentication mechanism is "Krb5Authenticate". This mechanism
requires that you specify the service's kerberos principal name under the mechanism_info
key.
defaults the service principal name to host/hostname@KERBEROS_REALM. You can use a
different service principal name under the mechanism_info key.
- The name of the username/password authentication mechanism is "PwdAuthenticate" and
it does not require any information to be included under the mechanism_info key.
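Review bot: the default principal is written here as "host/hostname@KERBEROS_REALM", while the sample auth.policy in this file uses "@KRB_REALM" and the mechanism.settings text uses "host/hostname" with no realm at all; use one placeholder spelling for the realm throughout so readers can tell which part is literal and which is to be replaced.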
@ -213,7 +262,6 @@ The following is an example identoken.settings file:
<settings>
<Attributes>sn,groupMembership,guid</Attributes>
<EncryptAttributes>false</EncryptAttributes>
<Certificate>Base64 encoded certificate</Certificate>
</settings>
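Review bot: with the Certificate setting removed from the sample, identoken.settings still carries EncryptAttributes, and the notes below say attribute encryption is not yet supported by the Casa identity token provider; either drop EncryptAttributes from the sample or mark it as currently ignored, so an administrator who sets it to true does not assume the identity attributes are protected.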
Note the following about the sample identoken.settings file:
@ -232,10 +280,6 @@ Note the following about the sample identoken.settings file:
the file present in its conf folder (Attribute encryption is not yet supported
by the Casa identity token provider).
- The Certificate setting specifies the certificate that must be utilized to encrypt
identity attribute data. The certificate contains the public key of the targeted
service. The certificate data is Base64 encoded.
- The identoken.settings file can also contain additional identity token provider
specific settings.
@ -268,22 +312,22 @@ mechanism:
<settings>
<ClassName>com.novell.casa.authtoksvc.Krb5Authenticate</ClassName>
<RelativeClassPath>WEB-INF/classes</RelativeClassPath>
<ServicePrincipalName>host@authtokenserver.company.com</ServicePrincipalName>
<ServicePrincipalName>host</ServicePrincipalName>
</settings>
The base AuthTokenSvc package contains two authentication mechanisms, these are
Krb5Authenticate and PwdAuthenticate. The configuration under sampleConf is set up
to allow an AuthTokenSvc to leverage both mechanisms.
The Krb5Authenticate mechanism requires that the following setting also be included
in its mechanism.settings file:
The Krb5Authenticate mechanism defaults the service principal name to "host/hostname",
you can over-ride this parameter by adding the following entry to its mechanism.settings file:
ServicePrincipalName - This is the name of the Kerberos Service Principal that the
Authentication Token Service runs as when authenticating other entities.
CONFIGURING ADDITIONAL IDENTITY TOKEN PROVIDERS
- TBD -
<This feature is not currently supported>
SECURITY CONSIDERATIONS
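Review bot: the sample mechanism.settings in this hunk keeps "<ServicePrincipalName>host</ServicePrincipalName>" while the text two paragraphs down says the default is "host/hostname" and that ServicePrincipalName is only needed to override it; either remove the element from the sample (matching the change to sampleConf's mechanism.settings in this commit) or show a full override value and say whether a bare "host" is accepted as the service-name part only. Also "over-ride" should be "override", and "<This feature is not currently supported>" in angle brackets reads like markup in a plain-text README; parentheses would be clearer.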

View File

@ -10,12 +10,9 @@ This file contains a list of the items still outstanding for AuthTokenSvc.
OUTSTANDING ITEMS
- Switch to a Web Services model where the Client/Server protocol uses SOAP.
- Switch to use WS-Security, WS-Policy, and WS-Conversation for Authentication Tokens and Session Tokens.
- Switch to a Web Services model where the Client/Server protocol uses SOAP.(This is under evaluation).
- Add code to verify that client/server communications occur over HTTPS.
- Add logging.
- Create plug-in API for Identity Token Providers.
- Integrate into CASA build environment.
- Review Code.
- Change printfs used for debugging into a suitable mechanism.
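Review bot: "uses SOAP.(This is under evaluation)." is missing a space before the parenthesis. More importantly, "Add code to verify that client/server communications occur over HTTPS" stays open here while the libcasa_c_authtoken TODO in this same commit drops "Enable communications over HTTPS instead of over HTTP"; confirm whether the transport is HTTPS on both sides now, and if only the server-side check remains, say so in this item.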

View File

@ -37,6 +37,9 @@ import org.apache.axis.message.MessageElement;
import javax.xml.namespace.QName;
import java.io.*;
// Un-comment the following line to print Authentication Token Messages
//import org.apache.axis.utils.XMLUtils;
/*
* AuthToken Class.
@ -113,6 +116,9 @@ public class AuthToken
svcConfig,
(targetHost.compareTo("localhost") == 0) ? false : true);
// Un-comment the following line to print Authentication Token Messages
//XMLUtils.PrettyElementToWriter(authTokenMessage.getSOAPEnvelope().getAsDOM(), new PrintWriter(System.out));
// Now save the message as a string
OutputStream outStream = new ByteArrayOutputStream();
authTokenMessage.writeTo(outStream);
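Review bot: the commented-out XMLUtils.PrettyElementToWriter call dumps the complete Authentication Token message, including the signed identity data, to System.out; rather than a line to un-comment, gate it behind a debug flag or the logging facility listed in the AuthTokenSvc TODO, so a forgotten un-comment never ships tokens into Tomcat's stdout log. While here, the context line "(targetHost.compareTo("localhost") == 0) ? false : true" simplifies to "!targetHost.equals("localhost")".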

View File

@ -3,5 +3,4 @@
<description>This is the authentication mechanism for the Krb5Authenticate scheme. The Krb5Authenticate scheme authenticates entities using Kerberos-V tokens.</description>
<ClassName>com.novell.casa.authtoksvc.Krb5Authenticate</ClassName>
<RelativeClassPath>WEB-INF/classes</RelativeClassPath>
<ServicePrincipalName>Specify the service's kerberos principal name</ServicePrincipalName>
</settings>
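Review bot: removing the ServicePrincipalName placeholder from the shipped sampleConf mechanism.settings is consistent with Krb5Authenticate now defaulting the principal name, but the README sample for the same file in this commit still shows a ServicePrincipalName element; update the README sample to match, and consider a comment line here noting that ServicePrincipalName may be added to override the default.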

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for auth_token
@ -45,7 +68,7 @@ cached. Once the client is authenticated to the ATS, it then requests Authentica
Tokens from it using the obtained Session Token. When an ATS receives a request for
an Authentication Token, it then verifies the validity of the received Session Token
and then it creates the appropriate Identity Token for the target service which it then
embeds within the Authentication Token. The indentity information contained in the
embeds within the Authentication Token. The identity information contained in the
Identity Token as well as the type of Identity Token utilized depends on what is
configured for the tatget service.
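Review bot: "tatget" should be "target" in the last line of this hunk; this third copy of the auth_token README carries the same leftover typo as the other copies, so fix all of them together.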

View File

@ -13,5 +13,4 @@ details outstanding items at the project level.
OUTSTANDING ITEMS
- Plug-in auth_token into the CASA make system.
- Allow the Windows client to be built under Cygwin.

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for libcasa_c_authtoken
@ -17,8 +40,8 @@ libcasa_c_authtoken utilizes mechanism plug-ins for authenticating to ATSs.
The client auth_token package installs mechanisms for the support of Kerberos5
and Username/Password authentication. To configure additional authentication mechanism
plug-ins, place their configuration file in the folder for CASA Authentication Token module
configuration. The path to this folder under linux is /etc/opt/novell/CASA/authtoken.d/modules.d.
The path to this folder under Windows is \Program Files\novell\CASA\auth\mechanisms. The name of
configuration. The path to this folder under linux is /etc/CASA/authtoken.d/client.d/mechanisms.d/.
The path to this folder under Windows is \Program Files\novell\CASA\Etc\Auth\Mechanisms\. The name of
the plug-in configuration file is related to the authentication mechanism type in the following
manner: AuthenticationMechanismTypeName.conf.
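Review bot: "linux" should be "Linux", and the Windows path "\Program Files\novell\CASA\Etc\Auth\Mechanisms\" has no drive letter; writing it as %ProgramFiles%\novell\CASA\Etc\Auth\Mechanisms\ avoids assuming C:. Since files dropped into these folders configure the authentication mechanism plug-ins the client loads, the README should also state the expected ownership and permissions for /etc/CASA/authtoken.d/client.d/mechanisms.d/ (writable only by root, or Administrators on Windows) so packagers set them correctly.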

View File

@ -10,9 +10,4 @@ This file contains a list of the items still outstanding for libcasa_c_authtoken
OUTSTANDING ITEMS
- Implementation of Linux specific code.
- Re-structure the token cache to differentiate between Session Tokens and Authentication Tokens.
- Use the CASA cache as the token store.
- Switch Client/Server protocol to use SOAP Messages.
- Enable communications over HTTPS instead of over HTTP.
None.
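Review bot: this hunk drops "Enable communications over HTTPS instead of over HTTP" and "Use the CASA cache as the token store" and marks the list "None.", but the AuthTokenSvc TODO in the same commit still lists "Add code to verify that client/server communications occur over HTTPS"; if the client now uses HTTPS, say so in the libcasa_c_authtoken README, and if it does not, keep the item here rather than emptying the list.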

View File

@ -0,0 +1,68 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for Novell.Casa.Client.Auth CSHARP Library
*
***********************************************************************/
INTRODUCTION
Novell.Casa.Client.Auth CSHARP Library provides a class for CSHARP client
applications to obtain authentication tokens from the CASA Authentication
Token Infrastructure.
CLIENT APPLICATION PROGRAMMING NOTES
The Novell.Casa.Client.Auth.Authtoken class provides static method ObtainAuthToken()
to allow client applications to obtain CASA Authentication Tokens. The caller must
supply the name of the service to which it wants to authenticate along with the name
of the host where it resides to the static method. The returned authentication token
is a Base64 encoded string.
Applications utilizing CASA Authentication Tokens as passwords in protocols that require the
transfer of user name and password credentials should verify or remove any password length limits
as the length of CASA Authentication Tokens may be over 1K bytes. The size of the CASA Authentication
Tokens is directly dependent on the amount of identity information configured as required by the
consuming service. These applications should also set the user name to "CasaPrincipal".
For examples of code which uses the Novell.Casa.Client.Auth.Authtoken class look at the test
application under the test folder.
SECURITY CONSIDERATIONS
CASA Authentication Tokens when compromised can be used to either impersonate
a user or to obtain identity information about the user. Because of this it is
important that the tokens be secured by applications making use of them. It is
recommended that the tokens be transmitted using SSL.
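Review bot: CLIENT APPLICATION PROGRAMMING NOTES describes ObtainAuthToken() only in prose; give its signature (parameter order for service name and host name, and what it returns or throws when the ATS is unreachable or authentication fails) so callers do not have to read the test application. The class is written "Novell.Casa.Client.Auth.Authtoken" here while the Java side uses "AuthToken"; confirm the C# casing. "over 1K bytes" is vague for someone sizing a password field; state the observed upper bound or that there is no fixed one. The SSL recommendation in SECURITY CONSIDERATIONS applies directly to the "token as password with user name CasaPrincipal" usage described above it, so it is worth stating next to that paragraph.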

View File

@ -0,0 +1,15 @@
/***********************************************************************
*
* TODO for Novell.Casa.Client.Auth CSHARP Library
*
***********************************************************************/
INTRODUCTION
This file contains a list of the items still outstanding for the
Novell.Casa.Client.Auth CSHARP library.
OUTSTANDING ITEMS
- Include it in the Linux Client build/rpm.

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for krb5mech

View File

@ -10,5 +10,4 @@ This file contains a list of the items still outstanding for krb5mech.
OUTSTANDING ITEMS
- Implementation of Linux specific code.
None.

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for pwmech

View File

@ -10,5 +10,4 @@ This file contains a list of the items still outstanding for pwmech.
OUTSTANDING ITEMS
- Implementation of Linux specific code.
None.

View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Tue Oct 10 08:46:22 MDT 2006 - jluciani@novell.com
- Brought up to date the README and TODO files.
-------------------------------------------------------------------
Mon Oct 9 09:28:37 MDT 2006 - jluciani@novell.com
- Cleaned up compiler warnings that were present in some of the
components.
-------------------------------------------------------------------
Fri Oct 6 14:22:54 MDT 2006 - schoi@novell.com

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for mod_authn_casa
@ -35,9 +58,10 @@ for authenticating requests issued to mod_example:
Require valid-user
</Location>
Note that the name specified in the AuthName directive should match the name
configured under CASA for the authentication realm used by CASA to obtain
identity information for the service.
The AuthName directive specifies the name of the authentication REALM relayed
by the server to HTTP clients when requesting that the they authenticate using
the Basic Authentication scheme. The AuthName can be used by the HTTP client to
realize that the server is expecting CASA Authentication Token materials.
mod_authn_casa supports the following configuration directives:
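Review bot: the old text required AuthName to match the CASA authentication realm, while the new text only says the client "can use" it to recognise a CASA Authentication Token request; state what value AuthName should be set to (or that any value works) and whether the client library actually keys on it. Also "requesting that the they authenticate" has a stray "the".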

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for libcasa_s_authtoken
@ -16,9 +39,8 @@ module to perform the credential validation. To facilitate this, CASA Authentica
provides PAM, Apache, and JAAS modules that can be used to validate credentials containing
CASA Authentication tokens,
CONFIGURING TRUSTED AUTHENTICATION TOKEN SERVICES
tbd. Add info about the installation of public certificates and trusted certificate authorities.
libcasa_s_authtoken relies on the CasaAuthtokenValidateD service in order to perform its
functions. To learn more about CasaAuthtokenValidateD see the Svc folder.
CONFIGURING ADDITIONAL IDENTITY TOKEN PROVIDER MODULES
@ -30,7 +52,7 @@ is configured for CASA Authentication. The default identity token type is CasaId
libcasa_s_authtoken supports different identity token types through an API that allows for the
configuration of different Identity Token Provider plug-ins. An Identity Token Provider plug-in
is configured by placing a configuration file for the plug-ins in the
/etc/opt/CASA/authtoken.d/modules.d folder. The name of the plug-in configuration file is related
/etc/CASA/authtoken.d/modules.d folder. The name of the plug-in configuration file is related
to the identity token type in the following manner: IdentityTokenTypeName.conf.
Identity Token Provider plug-in configuration files must must contain a directive indicating the
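Review bot: CONFIGURING TRUSTED AUTHENTICATION TOKEN SERVICES now says only that libcasa_s_authtoken relies on CasaAuthtokenValidateD; the removed "tbd" line was the placeholder for documenting which ATS signing certificates and certificate authorities are trusted, and the new CasaAuthtokenValidateD README in this commit does not cover that either, so the trust configuration is now documented nowhere. Either describe it here or point to the exact file the daemon reads. Also "must must contain" in the last context line duplicates "must".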

View File

@ -0,0 +1,80 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for CasaAuthtokenValidateD
*
***********************************************************************/
INTRODUCTION
CasaAuthtokenValidateD provides a service that is utilized by libcasa_s_authtoken
for the validation of CASA Authentication Tokens.
Processes executing libcasa_s_authtoken communicate with CasaAuthTokenValidateD via
domain sockets. CasaAuthTokenValidateD validates authentication tokens by invoking
the appropriate CASA Authentication Token Java classes.
COMMAND LINE PARAMETERS
CasaAuthtokenValidateD has the following command line parameters:
-b BeginThreads
Optional parameter that specifies the initial number of threads utilized by the
service to process requests.
-g GrowThreads
Optional parameter that specifies the number of threads by which the service can
grow its thread pool utilized for processing requests.
-m MaxThreads
Optional parameter that specifies the maximum number of threads that the service
can have in its thread pool for processing requests.
-D DebugLevel
Optional parameter that specifies the level used for logging debugging information.
0 being the lowest debug level.
-d
Optional parameter that specifies that the service must be run as a daemon.
SECURITY CONSIDERATIONS
Appropriate rights need to be set on the folder used by CasaAuthtokenValidateD to
create its listeing socket to keep other services from hijacking it and taking on
the validation of CASA authentication sockets. CasaAuthtokenValidateD creates its
listen socket in the /var/lib/CASA/authtoken/validate/ folder.
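Review bot: the SECURITY CONSIDERATIONS section names the threat (another process creating the listen socket first and answering validation requests in place of the daemon) but not the rights that prevent it; please state the expected owner and mode for /var/lib/CASA/authtoken/validate/ (for example root-owned and neither group- nor world-writable) and whether the directory is created by the package or by the daemon at start-up. Two wording fixes in the same paragraph: "listeing socket" should be "listening socket", and "taking on the validation of CASA authentication sockets" should read "tokens". The INTRODUCTION spells the name both CasaAuthtokenValidateD and CasaAuthTokenValidateD; pick one, since operators will grep for it. It would also help to document the defaults for -b, -g, -m and -D and the range of values -D accepts.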

View File

@ -0,0 +1,13 @@
/***********************************************************************
*
* TODO for CasaAuthtokenValidateD
*
***********************************************************************/
INTRODUCTION
This file contains a list of the items still outstanding for CasaAuthtokenValidateD.
OUTSTANDING ITEMS
None.

View File

@ -10,6 +10,4 @@ This file contains a list of the items still outstanding for libcasa_s_authtoken
OUTSTANDING ITEMS
- Change AuthTokens to be SOAP messages secured with WS-Security and WS-Trust.
- Implement CheckAuthToken().
- Finish README documentation.
None.
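Review bot: this hunk drops "Finish README documentation" together with the CheckAuthToken() and WS-Security/WS-Trust items and records no outstanding work, but the libcasa_s_authtoken README in this same commit still contains a "tbd." placeholder under CONFIGURING TRUSTED AUTHENTICATION TOKEN SERVICES. Either keep the documentation item or finish that section. If CheckAuthToken() and the WS-Security/WS-Trust change were deliberately abandoned rather than completed, say so in the commit message, since removing the first item otherwise reads as a statement that the validation entry point now exists.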

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for casa_identoken
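Review bot: the license notice added here (and the identical header added to the CasaAuthtokenValidateD, pam_casaauthtok and IpcLibs READMEs in this commit) is truncated: "You should have received a copy of the GNU Lesser General Public License along with this library; if not, Novell, Inc." ends mid-sentence, and "GNU Library Lesser General Public License" mixes the old and new names of the license. Please use the standard LGPL 2.1 notice text so the terms are unambiguous.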

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for pam_casaauthtok

View File

@ -1,3 +1,26 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for IpcLibs