[kmf-discuss] more detailed proposal for cert-to-name mapping
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Mon Feb 25 12:50:50 PST 2008
Wyllys Ingersoll wrote:
> Jan Pechanec wrote:
>
>> hi, this email contains more details to previously sent proposal.
>> This is about developer's interface to KMF only, I'll send proposal on
>> initial set of mappers in a separate email.
>>
>>
>> ----------------------------------------------------------------------------
>> kmf_cert_to_name_mapping_init(KMF_HANDLE_T, KMF_ATTRIBUTE *attrlist);
>>
>> KMF_MAPPER_NAME - mapper name (kmf_mapper_<name>.so)
>> KMF_MAPPER_DIRECTORY - default is /etc/security/kmf
>> KMF_MAPPER_PATH - full path to mapper shared object, overrides
>> NAME and DIRECTORY
>> KMF_MAPPER_SETTING - mapper specific options in a string
>>
>> - all 4 attributes are string
>>
If none of the above are given, should the "init" function just take
the values from the
current policy record? And if no mapper is defined in the policy,
return an error like
KMF_ERR_MAPPER_FOUND ?
Also, do local parameters override the policy values? (I think so).
-Wyllys
More information about the kmf-discuss
mailing list