KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64
User : nobody ( 99)
PHP Version : 5.2.17
Disable Function : NONE
Directory :  /proc/22697/root/usr/share/doc/pam_pkcs11-0.5.3/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //proc/22697/root/usr/share/doc/pam_pkcs11-0.5.3/TODO
0.6 will be a finish-code release. Fix source tree estructure, 
define devel api and code all to-be-written mappers are task to do

Expected things to be done in 0.6 release:

- Create and Define a pam-pkcs11 mapper API & library. 
  This is mostly done at 0.5.3, but some cleaning is needed. 
  * Create a mapper "devel" package
  * Use OpenSC libp11 pkcs11 library

- Add remote CA's and CRL's lookups
  Actually, CA's and local CRL's are stored as hash dir. Need
  to recode to use URL's as data sources

- Finish mapper coding 
  * opensc:
	- Generic mapping files
	0.5.3 searches in ${HOME}/.eid/authorized_certificates. Needs
	an additional tool to manage a "global" certificate file with
	user mappings
  * openssh:
	- Same as opensc. Hint: use "comment" field on ssh public keys
	to store login name
  * ldap mapper:
	- Allow use of any certificate content to make queries
	- find() function is too expensive when navigate across
	databases of thousand of users. Need to optimize search
	filters.
  * database mapper:
	- Define and create a UnixODBC based database mapper
  * Compile as static all mappers that does not depend on extra
  libraries

- Debian packaging
  Sorry: I only know on RPM packaging. Any volunteer?

0.7 is a try to real-life implementation: MS Active directory
configuration, NSS aware configurations, LDAP settings,
many samples and docs, general cleanups, etc. 

Things to be done in 0.7 release:
- Review all mappers that depends on remote connections.
  * conditional queries instead of getpwent() query loop

- Allow pam-pkcs11 login against MS Active Directory
  * Changes to MS_mapper to real use of UPN Domain
  * Documentation and samples

- Manuals on LDAP, NSS and so installations

- ncurses (gtk?) tool to create/edit mapfiles

0.8 will be a major cleanup: bugfixes, optimizations, pam-session
handling. Most important: pkinit aware pam module is to be scheduled
here

Things to be done in 0.8 release

- Call for pin only when needed
- Use certificate only if available for authentication
- Implement of Kerberos PKINIT specification. Rewrite of kpn mapper
- Check content-type of cert fields instead assume utf-8
- proper handle of free() calls when needed

0.9 will be a preview version. No more items are expected to add, 
just bugfixes and feedbacks from users. 
Perhaps it's time for i18n issues

1.0 That's all folks!

Anon7 - 2021