Updated README and TODO files to reflect the current state of the
project.
This commit is contained in:
parent
cd04a3d4cf
commit
cce03a7a13
@ -82,18 +82,13 @@ The auth_token client/service protocol allows for the authentication of the clie
|
|||||||
auth_token relies in the server authentication mechanisms of SSL to verify the identity
|
auth_token relies in the server authentication mechanisms of SSL to verify the identity
|
||||||
of the ATS.
|
of the ATS.
|
||||||
|
|
||||||
IMPLEMENTATION STRATEGY AND CURRENT STATUS
|
CURRENT STATUS
|
||||||
|
|
||||||
auth_token is currently under development and is not ready to be used in production.
|
CASA-auth-token status is mostly code complete and has entered the testing phase. We will
|
||||||
The implementation strategy has been to first complete the framework with all of its
|
be making changes during this phase based on the feedback received.
|
||||||
modules, APIs, and packaging to allow application writters to start developing to it.
|
|
||||||
Once this is done, then the implementation focus will switch to completing the plumbing.
|
|
||||||
|
|
||||||
As of this time, a lot of the framework has been completed and there are sample
|
The items whose implemetation is still pending are listed in the TODO files for the various
|
||||||
applications that can be utilized to exercise it. For a more complete picture of where
|
components.
|
||||||
we are, look at the various TODO lists present in the child folders.
|
|
||||||
|
|
||||||
The schedule for completing auth_token is agressive.
|
|
||||||
|
|
||||||
SECURITY CONSIDERATIONS
|
SECURITY CONSIDERATIONS
|
||||||
|
|
||||||
|
@ -82,26 +82,15 @@ The auth_token client/service protocol allows for the authentication of the clie
|
|||||||
auth_token relies in the server authentication mechanisms of SSL to verify the identity
|
auth_token relies in the server authentication mechanisms of SSL to verify the identity
|
||||||
of the ATS.
|
of the ATS.
|
||||||
|
|
||||||
IMPLEMENTATION STRATEGY AND CURRENT STATUS
|
|
||||||
|
|
||||||
auth_token is currently under development and is not ready to be used in production.
|
|
||||||
The implementation strategy has been to first complete the framework with all of its
|
|
||||||
modules, APIs, and packaging to allow application writters to start developing to it.
|
|
||||||
Once this is done, then the implementation focus will switch to completing the plumbing.
|
|
||||||
|
|
||||||
As of this time, a lot of the framework has been completed and there are sample
|
|
||||||
applications that can be utilized to exercise it. For a more complete picture of where
|
|
||||||
we are, look at the various TODO lists present in the child folders.
|
|
||||||
|
|
||||||
The schedule for completing auth_token is agressive.
|
|
||||||
|
|
||||||
REQUIREMENTS FOR BUILDING THE SOFTWARE PACKAGE ON WINDOWS
|
REQUIREMENTS FOR BUILDING THE SOFTWARE PACKAGE ON WINDOWS
|
||||||
|
|
||||||
- Install Visual Studio .NET 2003
|
- Install Visual Studio 2005.
|
||||||
- Install Windows Platform SDK for Windows Server 2003 SP1
|
- Install Windows Platform SDK for Windows Server 2003 SP1.
|
||||||
- Register the platform sdk with VS - Start/All Programs/Windows Platform SDK for Windows Server 2003 SP1/Visual Studio Registration/Register PSDK Directories with Visual Studio
|
- Register the platform sdk with VS - Start/All Programs/Windows Platform SDK for
|
||||||
|
Windows Server 2003 SP1/Visual Studio Registration/Register PSDK Directories with
|
||||||
|
Visual Studio.
|
||||||
- Install Cygwin - See instructions below.
|
- Install Cygwin - See instructions below.
|
||||||
- Extract Expat-2.0.0.zip in casa source directory parent
|
- Extract Expat-2.0.0.zip in casa source directory parent.
|
||||||
- Install Casa
|
- Install Casa
|
||||||
|
|
||||||
Download and start cygwin install:
|
Download and start cygwin install:
|
||||||
@ -179,9 +168,8 @@ bash --login -i
|
|||||||
|
|
||||||
REQUIREMENTS FOR BUILDING THE SOFTWARE PACKAGE ON LINUX
|
REQUIREMENTS FOR BUILDING THE SOFTWARE PACKAGE ON LINUX
|
||||||
|
|
||||||
Install latest mono and mono-devel RPM - Obtain RPMs from
|
Install needed RPMs. Look at BuildRequires line in CASA_auth_token_server.spec.in file
|
||||||
www.go-mono.org.
|
in package/linux folder to see a list of RPM build dependencies.
|
||||||
|
|
||||||
|
|
||||||
BUILDING THE SOFTWARE PACKAGE
|
BUILDING THE SOFTWARE PACKAGE
|
||||||
|
|
||||||
@ -222,7 +210,7 @@ source distribution (configure, Makefile.in files, and other distributed
|
|||||||
autotools files are not removed)
|
autotools files are not removed)
|
||||||
|
|
||||||
make maintainer-clean - removes files to return state back to same as
|
make maintainer-clean - removes files to return state back to same as
|
||||||
the CVS checkout (you will need to run ./autogen.sh again before running
|
the SVN checkout (you will need to run ./autogen.sh again before running
|
||||||
make again)
|
make again)
|
||||||
|
|
||||||
SECURITY CONSIDERATIONS
|
SECURITY CONSIDERATIONS
|
||||||
@ -232,6 +220,15 @@ a user or to obtain identity information about the user. Because of this it is
|
|||||||
important that the tokens be secured by applications making use of them. It is
|
important that the tokens be secured by applications making use of them. It is
|
||||||
recommended that the tokens be transmitted using SSL.
|
recommended that the tokens be transmitted using SSL.
|
||||||
|
|
||||||
|
Currently, the Authentication Token Client defaults to allow the setup of SSL
|
||||||
|
connections with an ATS even if the Certificate presented by the ATS is considered
|
||||||
|
invalid. In this mode, it is possible for a malicious user to set up a server which
|
||||||
|
impersonates an ATS for the purpose of acquiring user credentials. This default
|
||||||
|
will be modified once we implement a mechanism to give the user the option of either
|
||||||
|
approving or rejecting a certificate. If this behavior is un-acceptable to you then
|
||||||
|
you can configure the client to not allow SSL connections to be setup with invalid
|
||||||
|
server certificates by modifying the settings present in the client.conf file.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -6,12 +6,13 @@
|
|||||||
|
|
||||||
INTRODUCTION
|
INTRODUCTION
|
||||||
|
|
||||||
This file contains a list of the items still outstanding for auth_token.
|
This file contains a list of the items still outstanding for auth_token
|
||||||
|
client components.
|
||||||
|
|
||||||
Note: There are TODO lists under each auth_token component. This file just
|
Note: There are TODO lists under each auth_token component. This file just
|
||||||
details outstanding items at the project level.
|
details outstanding items at the project level.
|
||||||
|
|
||||||
OUTSTANDING ITEMS
|
OUTSTANDING ITEMS
|
||||||
|
|
||||||
- Add mechanism to try communicating with ATS over port 443 if communications
|
- Create Java binding to GetAuthToken() API.
|
||||||
over port 2645 fail.
|
|
||||||
|
@ -34,6 +34,14 @@ interacting with ATSs, invoking the authentication mechanism plug-ins, and
|
|||||||
managing the authentication token cache. libcasa_c_authtoken also provides
|
managing the authentication token cache. libcasa_c_authtoken also provides
|
||||||
the Get Authentication Token API.
|
the Get Authentication Token API.
|
||||||
|
|
||||||
|
CONFIGURATION
|
||||||
|
|
||||||
|
libcasa_c_authtoken has several configuration settings that can be modified to
|
||||||
|
change its default behavior. To modify the libcasa_c_authtoken configuration
|
||||||
|
you need to edit the client.conf file. The path to the client.conf file under
|
||||||
|
linux is /etc/CASA/authtoken/client/client.conf. The path to the client.conf file
|
||||||
|
under windows is \Program Files\novell\CASA\Etc\Auth\client.conf.
|
||||||
|
|
||||||
CONFIGURING ADDITIONAL AUTHENTICATION MECHANISM MODULES
|
CONFIGURING ADDITIONAL AUTHENTICATION MECHANISM MODULES
|
||||||
|
|
||||||
libcasa_c_authtoken utilizes mechanism plug-ins for authenticating to ATSs.
|
libcasa_c_authtoken utilizes mechanism plug-ins for authenticating to ATSs.
|
||||||
|
@ -10,4 +10,14 @@ This file contains a list of the items still outstanding for libcasa_c_authtoken
|
|||||||
|
|
||||||
OUTSTANDING ITEMS
|
OUTSTANDING ITEMS
|
||||||
|
|
||||||
None.
|
- Add mechanism to try communicating with ATS over port 443 if communications
|
||||||
|
over port 2645 fail.
|
||||||
|
|
||||||
|
- Enhance the AuthMechanism interface to support authentication schemes that
|
||||||
|
require several token exchanges between the client and the server. This will
|
||||||
|
also require the enhancement of the client/server protocol utilized for
|
||||||
|
authentication.
|
||||||
|
|
||||||
|
- Add mechanism to allow a user to either accept or reject server certificates
|
||||||
|
considered invalid.
|
||||||
|
|
||||||
|
@ -34,7 +34,6 @@ authentication. The mechanism leverages the services of the native Kerberos 5
|
|||||||
client to obtain Kerberos Tokens that can be used for authenticating an entity
|
client to obtain Kerberos Tokens that can be used for authenticating an entity
|
||||||
to a Kerberos service.
|
to a Kerberos service.
|
||||||
|
|
||||||
|
|
||||||
SECURITY CONSIDERATIONS
|
SECURITY CONSIDERATIONS
|
||||||
|
|
||||||
The tokens that krb5mech generates are only utilized to authenticate the client
|
The tokens that krb5mech generates are only utilized to authenticate the client
|
||||||
|
@ -10,4 +10,7 @@ This file contains a list of the items still outstanding for krb5mech.
|
|||||||
|
|
||||||
OUTSTANDING ITEMS
|
OUTSTANDING ITEMS
|
||||||
|
|
||||||
None.
|
- Change to also do server authentication once the AuthMechanism interface
|
||||||
|
is enhanced to support authentication schemes that require several token
|
||||||
|
exchanges between the client and the server. Allow this to be configurable.
|
||||||
|
.
|
||||||
|
@ -10,4 +10,8 @@ This file contains a list of the items still outstanding for pwmech.
|
|||||||
|
|
||||||
OUTSTANDING ITEMS
|
OUTSTANDING ITEMS
|
||||||
|
|
||||||
None.
|
- Allow the server to specify that Desktop credentials should not be
|
||||||
|
utilized.
|
||||||
|
|
||||||
|
- Try to find way to remove credentials from miCASA cache which are
|
||||||
|
found to be invalid.
|
||||||
|
@ -18,6 +18,8 @@
|
|||||||
* To contact Novell about this file by physical or electronic mail,
|
* To contact Novell about this file by physical or electronic mail,
|
||||||
* you may find current contact information at www.novell.com.
|
* you may find current contact information at www.novell.com.
|
||||||
*
|
*
|
||||||
|
* Author: Juan Carlos Luciani <jluciani@novell.com>
|
||||||
|
*
|
||||||
***********************************************************************/
|
***********************************************************************/
|
||||||
|
|
||||||
package com.novell.casa.jaas;
|
package com.novell.casa.jaas;
|
||||||
|
@ -82,18 +82,134 @@ The auth_token client/service protocol allows for the authentication of the clie
|
|||||||
auth_token relies in the server authentication mechanisms of SSL to verify the identity
|
auth_token relies in the server authentication mechanisms of SSL to verify the identity
|
||||||
of the ATS.
|
of the ATS.
|
||||||
|
|
||||||
IMPLEMENTATION STRATEGY AND CURRENT STATUS
|
REQUIREMENTS FOR BUILDING THE SOFTWARE PACKAGE ON WINDOWS
|
||||||
|
|
||||||
auth_token is currently under development and is not ready to be used in production.
|
- Install Visual Studio 2005.
|
||||||
The implementation strategy has been to first complete the framework with all of its
|
- Install Windows Platform SDK for Windows Server 2003 SP1.
|
||||||
modules, APIs, and packaging to allow application writters to start developing to it.
|
- Register the platform sdk with VS - Start/All Programs/Windows Platform SDK for
|
||||||
Once this is done, then the implementation focus will switch to completing the plumbing.
|
Windows Server 2003 SP1/Visual Studio Registration/Register PSDK Directories with
|
||||||
|
Visual Studio.
|
||||||
|
- Install Cygwin - See instructions below.
|
||||||
|
|
||||||
As of this time, a lot of the framework has been completed and there are sample
|
Download and start cygwin install:
|
||||||
applications that can be utilized to exercise it. For a more complete picture of where
|
Browse to http://sources.redhat.com/cygwin/
|
||||||
we are, look at the various TODO lists present in the child folders.
|
|
||||||
|
|
||||||
The schedule for completing auth_token is agressive.
|
Click on "Install or update now!" or "Install Cygwin now"
|
||||||
|
|
||||||
|
Cygwin Setup:
|
||||||
|
Next
|
||||||
|
|
||||||
|
Cygwin Setup - Choose Installation Type:
|
||||||
|
Install from Internet
|
||||||
|
Next
|
||||||
|
|
||||||
|
Cygwin Setup - Choose Installation Directory:
|
||||||
|
Root Directory: C:\cygwin
|
||||||
|
Install For: "All Users"
|
||||||
|
|
||||||
|
Default Text File Type: DOS
|
||||||
|
|
||||||
|
Cygwin Setup - Select Local Package Directory:
|
||||||
|
Local Package Directory: C:\cygwin-packages
|
||||||
|
|
||||||
|
Cygwin Setup - Select Connection Type:
|
||||||
|
Direct Connection
|
||||||
|
|
||||||
|
Choose A Download Site:
|
||||||
|
ftp://ftp.nas.nasa.gov
|
||||||
|
|
||||||
|
Cywin Setup - Select Packages:
|
||||||
|
Base:
|
||||||
|
defaults
|
||||||
|
|
||||||
|
Devel:
|
||||||
|
autoconf
|
||||||
|
automake
|
||||||
|
libtool
|
||||||
|
make
|
||||||
|
pkgconfig
|
||||||
|
cvs
|
||||||
|
gcc
|
||||||
|
gcc-g++
|
||||||
|
|
||||||
|
Editors:
|
||||||
|
vim (optional)
|
||||||
|
|
||||||
|
Net:
|
||||||
|
openssh
|
||||||
|
openssl
|
||||||
|
|
||||||
|
Text:
|
||||||
|
more
|
||||||
|
|
||||||
|
Utils:
|
||||||
|
clear (optional)
|
||||||
|
|
||||||
|
Cygwin Setup - Create Icons:
|
||||||
|
Finish
|
||||||
|
|
||||||
|
Edit cygwin.bat (c:\cygwin\cygwin.bat) to add a call to
|
||||||
|
%VS71COMNTOOLS%\vsvars32.bat (see example below). This sets up the
|
||||||
|
Visual Studio tools in Cygwin.
|
||||||
|
|
||||||
|
Sample cygwin.bat:
|
||||||
|
|
||||||
|
@echo off
|
||||||
|
|
||||||
|
call "%VS71COMNTOOLS%\vsvars32.bat" > NUL
|
||||||
|
|
||||||
|
C:
|
||||||
|
chdir C:\cygwin\bin
|
||||||
|
|
||||||
|
bash --login -i
|
||||||
|
|
||||||
|
|
||||||
|
REQUIREMENTS FOR BUILDING THE SOFTWARE PACKAGE ON LINUX
|
||||||
|
|
||||||
|
Install needed RPMs. Look at BuildRequires line in CASA_auth_token_svc.spec.in file
|
||||||
|
in package/linux folder to see a list of RPM build dependencies.
|
||||||
|
|
||||||
|
BUILDING THE SOFTWARE PACKAGE
|
||||||
|
|
||||||
|
Windows: Start at Step 1.
|
||||||
|
Linux: Skip to Step 2.
|
||||||
|
|
||||||
|
1. Run cygwin.bat to start up Cygwin.
|
||||||
|
|
||||||
|
2. Generate autotools files:
|
||||||
|
./autogen.sh --prefix=/<install_dir> [--enable-debug]
|
||||||
|
(<install_dir> is some writable directory where 'make install' will
|
||||||
|
install files for testing.
|
||||||
|
|
||||||
|
3. To reconfigure later, or to configure software that came from a source
|
||||||
|
distribution (.tar.gz) file, use configure.
|
||||||
|
./configure --prefix/<install_dir> [--enable-debug]
|
||||||
|
(run ./configure --help for more options)
|
||||||
|
|
||||||
|
4. Select your make target, here are a few interesting ones:
|
||||||
|
|
||||||
|
make [all] - build product files (package files not included)
|
||||||
|
|
||||||
|
make clean - clean up files built by 'make all'
|
||||||
|
|
||||||
|
make package - build product and package files
|
||||||
|
|
||||||
|
make package-clean - clean up package files
|
||||||
|
|
||||||
|
make install - install product files to <install_dir> specified by
|
||||||
|
--prefix during configure
|
||||||
|
|
||||||
|
make uninstall - undo 'make install'
|
||||||
|
|
||||||
|
make dist - build a source distribution tarball.
|
||||||
|
|
||||||
|
make distclean - removes files to return state back to same as the
|
||||||
|
source distribution (configure, Makefile.in files, and other distributed
|
||||||
|
autotools files are not removed)
|
||||||
|
|
||||||
|
make maintainer-clean - removes files to return state back to same as
|
||||||
|
the SVN checkout (you will need to run ./autogen.sh again before running
|
||||||
|
make again)
|
||||||
|
|
||||||
SECURITY CONSIDERATIONS
|
SECURITY CONSIDERATIONS
|
||||||
|
|
||||||
|
@ -326,7 +326,19 @@ CONFIGURING ADDITIONAL IDENTITY TOKEN PROVIDERS
|
|||||||
|
|
||||||
SECURITY CONSIDERATIONS
|
SECURITY CONSIDERATIONS
|
||||||
|
|
||||||
- TBD -
|
The ATS runs over Tomcat and by default receives requests over HTTPS on port 2645. For ease
|
||||||
|
of use, the basic ATS setup scrip creates a self-signed certificate to be used by SSL. The
|
||||||
|
use of self-signed certificates weakens the security properties of the SSL channel by forcing
|
||||||
|
clients to accept them. At this time, the default mode for auth_token clients is to allow
|
||||||
|
self signed-certificates. It is recommended that administrators obtain a certificate signed
|
||||||
|
by the appropriate authority and configure the ATS to use it and change the auth_token client
|
||||||
|
configuration to not accept invalid certificates to avoid this issue.
|
||||||
|
|
||||||
|
CASA Authenticatication Tokens when compromised can be used to either impersonate
|
||||||
|
a user or to obtain identity information about the user. Because of this it is
|
||||||
|
important that the tokens be secured by applications making use of them. It is
|
||||||
|
recommended that the tokens be transmitted using SSL.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -10,10 +10,13 @@ This file contains a list of the items still outstanding for AuthTokenSvc.
|
|||||||
|
|
||||||
OUTSTANDING ITEMS
|
OUTSTANDING ITEMS
|
||||||
|
|
||||||
- Switch to a Web Services model where the Client/Server protocol uses SOAP.(This is under evaluation).
|
- Switch Client/Server communication to use SOAP.(This is under evaluation).
|
||||||
- Add code to verify that client/server communications occur over HTTPS.
|
- Add code to verify that client/server communications occur over HTTPS.
|
||||||
- Add logging.
|
- Add logging.
|
||||||
- Create plug-in API for Identity Token Providers.
|
- Create plug-in API for Identity Token Providers.
|
||||||
- Change printfs used for debugging into a suitable mechanism.
|
- Change printfs used for debugging into a suitable mechanism.
|
||||||
- Create tool to connect Tomcat instance to Apache Server and disabling port 2645 listener.
|
- Create tool to connect Tomcat instance to Apache Server and disabling port 2645 listener.
|
||||||
|
- Create tool to help administrators import certificates into the ATS's key store.
|
||||||
|
- Create tool to better edit the iaRealms file.
|
||||||
|
- Add identity token encryption capabilities.
|
||||||
|
|
||||||
|
@ -6,11 +6,13 @@
|
|||||||
|
|
||||||
INTRODUCTION
|
INTRODUCTION
|
||||||
|
|
||||||
This file contains a list of the items still outstanding for auth_token.
|
This file contains a list of the items still outstanding for auth_token
|
||||||
|
server-java components.
|
||||||
|
|
||||||
Note: There are TODO lists under each auth_token component. This file just
|
Note: There are TODO lists under each auth_token component. This file just
|
||||||
details outstanding items at the project level.
|
details outstanding items at the project level.
|
||||||
|
|
||||||
OUTSTANDING ITEMS
|
OUTSTANDING ITEMS
|
||||||
|
|
||||||
None.
|
- Create ATS Windows install.
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
|
||||||
/***********************************************************************
|
/***********************************************************************
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
|
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
|
||||||
@ -63,6 +64,11 @@ CasaAuthtokenValidateD has the following command line parameters:
|
|||||||
-d
|
-d
|
||||||
Optional parameter that specifies that the service must be run as a daemon.
|
Optional parameter that specifies that the service must be run as a daemon.
|
||||||
|
|
||||||
|
-s
|
||||||
|
Do not use multiple threads to call into the JVM when invoking the authentication
|
||||||
|
token verification classes. This option was added to have a temporary work around
|
||||||
|
to bug present in Sun's JVM Invoke Interface (BUG221420).
|
||||||
|
|
||||||
SECURITY CONSIDERATIONS
|
SECURITY CONSIDERATIONS
|
||||||
|
|
||||||
Appropriate rights need to be set on the folder used by CasaAuthtokenValidateD to
|
Appropriate rights need to be set on the folder used by CasaAuthtokenValidateD to
|
||||||
|
@ -10,4 +10,4 @@ This file contains a list of the items still outstanding for libcasa_s_authtoken
|
|||||||
|
|
||||||
OUTSTANDING ITEMS
|
OUTSTANDING ITEMS
|
||||||
|
|
||||||
None.
|
- Add support for encrypted identity tokens.
|
||||||
|
@ -82,113 +82,10 @@ The auth_token client/service protocol allows for the authentication of the clie
|
|||||||
auth_token relies in the server authentication mechanisms of SSL to verify the identity
|
auth_token relies in the server authentication mechanisms of SSL to verify the identity
|
||||||
of the ATS.
|
of the ATS.
|
||||||
|
|
||||||
IMPLEMENTATION STRATEGY AND CURRENT STATUS
|
|
||||||
|
|
||||||
auth_token is currently under development and is not ready to be used in production.
|
|
||||||
The implementation strategy has been to first complete the framework with all of its
|
|
||||||
modules, APIs, and packaging to allow application writters to start developing to it.
|
|
||||||
Once this is done, then the implementation focus will switch to completing the plumbing.
|
|
||||||
|
|
||||||
As of this time, a lot of the framework has been completed and there are sample
|
|
||||||
applications that can be utilized to exercise it. For a more complete picture of where
|
|
||||||
we are, look at the various TODO lists present in the child folders.
|
|
||||||
|
|
||||||
The schedule for completing auth_token is agressive.
|
|
||||||
|
|
||||||
REQUIREMENTS FOR BUILDING THE SOFTWARE PACKAGE ON WINDOWS
|
|
||||||
|
|
||||||
- Install Visual Studio .NET 2003
|
|
||||||
- Install Windows Platform SDK for Windows Server 2003 SP1
|
|
||||||
- Register the platform sdk with VS - Start/All Programs/Windows Platform SDK for Windows Server 2003 SP1/Visual Studio Registration/Register PSDK Directories with Visual Studio
|
|
||||||
- Install Cygwin - See instructions below.
|
|
||||||
- Extract Expat-2.0.0.zip in casa source directory parent
|
|
||||||
- Install Casa
|
|
||||||
|
|
||||||
Download and start cygwin install:
|
|
||||||
Browse to http://sources.redhat.com/cygwin/
|
|
||||||
|
|
||||||
Click on "Install or update now!" or "Install Cygwin now"
|
|
||||||
|
|
||||||
Cygwin Setup:
|
|
||||||
Next
|
|
||||||
|
|
||||||
Cygwin Setup - Choose Installation Type:
|
|
||||||
Install from Internet
|
|
||||||
Next
|
|
||||||
|
|
||||||
Cygwin Setup - Choose Installation Directory:
|
|
||||||
Root Directory: C:\cygwin
|
|
||||||
Install For: "All Users"
|
|
||||||
|
|
||||||
Default Text File Type: DOS
|
|
||||||
|
|
||||||
Cygwin Setup - Select Local Package Directory:
|
|
||||||
Local Package Directory: C:\cygwin-packages
|
|
||||||
|
|
||||||
Cygwin Setup - Select Connection Type:
|
|
||||||
Direct Connection
|
|
||||||
|
|
||||||
Choose A Download Site:
|
|
||||||
ftp://ftp.nas.nasa.gov
|
|
||||||
|
|
||||||
Cywin Setup - Select Packages:
|
|
||||||
Base:
|
|
||||||
defaults
|
|
||||||
|
|
||||||
Devel:
|
|
||||||
autoconf
|
|
||||||
automake
|
|
||||||
libtool
|
|
||||||
make
|
|
||||||
pkgconfig
|
|
||||||
cvs
|
|
||||||
gcc
|
|
||||||
gcc-g++
|
|
||||||
|
|
||||||
Editors:
|
|
||||||
vim (optional)
|
|
||||||
|
|
||||||
Net:
|
|
||||||
openssh
|
|
||||||
openssl
|
|
||||||
|
|
||||||
Text:
|
|
||||||
more
|
|
||||||
|
|
||||||
Utils:
|
|
||||||
clear (optional)
|
|
||||||
|
|
||||||
Cygwin Setup - Create Icons:
|
|
||||||
Finish
|
|
||||||
|
|
||||||
Edit cygwin.bat (c:\cygwin\cygwin.bat) to add a call to
|
|
||||||
%VS71COMNTOOLS%\vsvars32.bat (see example below). This sets up the
|
|
||||||
Visual Studio tools in Cygwin.
|
|
||||||
|
|
||||||
Sample cygwin.bat:
|
|
||||||
|
|
||||||
@echo off
|
|
||||||
|
|
||||||
call "%VS71COMNTOOLS%\vsvars32.bat" > NUL
|
|
||||||
|
|
||||||
C:
|
|
||||||
chdir C:\cygwin\bin
|
|
||||||
|
|
||||||
bash --login -i
|
|
||||||
|
|
||||||
|
|
||||||
REQUIREMENTS FOR BUILDING THE SOFTWARE PACKAGE ON LINUX
|
|
||||||
|
|
||||||
Install latest mono and mono-devel RPM - Obtain RPMs from
|
|
||||||
www.go-mono.org.
|
|
||||||
|
|
||||||
|
|
||||||
BUILDING THE SOFTWARE PACKAGE
|
BUILDING THE SOFTWARE PACKAGE
|
||||||
|
|
||||||
Windows: Start at Step 1.
|
1. Install needed RPMs. Look at BuildRequires line in CASA_auth_token_server.spec.in file
|
||||||
Linux: Skip to Step 2.
|
in package/linux folder to see a list of RPM build dependencies.
|
||||||
|
|
||||||
1. Run cygwin.bat to start up Cygwin.
|
|
||||||
|
|
||||||
2. Generate autotools files:
|
2. Generate autotools files:
|
||||||
./autogen.sh --prefix=/<install_dir> [--enable-debug]
|
./autogen.sh --prefix=/<install_dir> [--enable-debug]
|
||||||
@ -222,7 +119,7 @@ source distribution (configure, Makefile.in files, and other distributed
|
|||||||
autotools files are not removed)
|
autotools files are not removed)
|
||||||
|
|
||||||
make maintainer-clean - removes files to return state back to same as
|
make maintainer-clean - removes files to return state back to same as
|
||||||
the CVS checkout (you will need to run ./autogen.sh again before running
|
the SVN checkout (you will need to run ./autogen.sh again before running
|
||||||
make again)
|
make again)
|
||||||
|
|
||||||
SECURITY CONSIDERATIONS
|
SECURITY CONSIDERATIONS
|
||||||
@ -232,6 +129,10 @@ a user or to obtain identity information about the user. Because of this it is
|
|||||||
important that the tokens be secured by applications making use of them. It is
|
important that the tokens be secured by applications making use of them. It is
|
||||||
recommended that the tokens be transmitted using SSL.
|
recommended that the tokens be transmitted using SSL.
|
||||||
|
|
||||||
|
Token validation requires the installation of the certificate used by ATSs to
|
||||||
|
sign the tokens. The software assumes that any certificate installed by the
|
||||||
|
administrator is valid.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -6,12 +6,13 @@
|
|||||||
|
|
||||||
INTRODUCTION
|
INTRODUCTION
|
||||||
|
|
||||||
This file contains a list of the items still outstanding for auth_token.
|
This file contains a list of the items still outstanding for auth_token
|
||||||
|
server components.
|
||||||
|
|
||||||
Note: There are TODO lists under each auth_token component. This file just
|
Note: There are TODO lists under each auth_token component. This file just
|
||||||
details outstanding items at the project level.
|
details outstanding items at the project level.
|
||||||
|
|
||||||
OUTSTANDING ITEMS
|
OUTSTANDING ITEMS
|
||||||
|
|
||||||
- Add mechanism to try communicating with ATS over port 443 if communications
|
None.
|
||||||
over port 2645 fail.
|
|
||||||
|
@ -93,11 +93,3 @@ tcp/ip and Domain sockets communications.
|
|||||||
By leveraging the File System Access Control features, you can scope communications that occur over
|
By leveraging the File System Access Control features, you can scope communications that occur over
|
||||||
Domain sockets to specific or groups of users.
|
Domain sockets to specific or groups of users.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -10,5 +10,5 @@ This file contains a list of the items still outstanding for IpcLibs.
|
|||||||
|
|
||||||
OUTSTANDING ITEMS
|
OUTSTANDING ITEMS
|
||||||
|
|
||||||
- Add APIs to allow for the senging of fragmented request and reply data.
|
- Add APIs to allow for the sending of fragmented request and reply data.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user