[kmf-discuss] more detailed proposal for cert-to-name mapping
Jan Pechanec
Jan.Pechanec at Sun.COM
Mon Feb 25 12:59:47 PST 2008
On Mon, 25 Feb 2008, Wyllys Ingersoll wrote:
> Wyllys Ingersoll wrote:
>> Jan Pechanec wrote:
>>
>>> hi, this email contains more details to previously sent proposal. This
>>> is about developer's interface to KMF only, I'll send proposal on initial set
>>> of mappers in a separate email.
>>>
>>>
>>> ----------------------------------------------------------------------------
>>> kmf_cert_to_name_mapping_init(KMF_HANDLE_T, KMF_ATTRIBUTE *attrlist);
>>>
>>> KMF_MAPPER_NAME - mapper name (kmf_mapper_<name>.so)
>>> KMF_MAPPER_DIRECTORY - default is /etc/security/kmf
>>> KMF_MAPPER_PATH - full path to mapper shared object, overrides
>>> NAME and DIRECTORY
>>> KMF_MAPPER_SETTING - mapper specific options in a string
>>>
>>> - all 4 attributes are string
>>>
>
> If none of the above are given, should the "init" function just take the
> values from the
> current policy record? And if no mapper is defined in the policy, return an
oh, yes. If I didn't write it there I meant it like that. All I
would like to give to SSH is the policy file and keys.
> error like
> KMF_ERR_MAPPER_FOUND ?
KMF_ERR_NO_MAPPER_FOUND ?
>
> Also, do local parameters override the policy values? (I think so).
I think so, too.
--
Jan Pechanec
More information about the kmf-discuss
mailing list