Common Authentication Service Adapter (CASA)

  • 7002312
  • 07-Jan-2009
  • 30-Apr-2012

Environment

Novell Open Enterprise Server 1 (OES 1) Support Pack 2 Linux
Novell Open Enterprise Server 2 (OES 2)

Situation

What is CASA?

Resolution

 Common Authentication Service Adapter (CASA) provides a common infrastructure for client authentication
     across the Linux* and Microsoft* Windows* desktops.
     Novell products (such as GroupWise, GroupWise Messenger, iPrint, Novell iFolder, and the Novell
     clients for Windows and Linux) are integrated with the miCASA interface and can take advantage of the
     credential store that provides the cornerstone for CASA.

     The main components of CASA on Linux are:

     -  CASA Identity Development Kit (IDK): The IDK provides a set of APIs that application and service
        developers can use to write user/application credentials to the credential store. The IDK APIs
        internally store the credentials passed onto them by the applications in miCASAd. There are C, C++,
        C# and Java bindings available for the CASA IDK.

     -  miCASAd: An active component that starts during boot time. On Linux, miCASAd is available in the
        run-levels 1, 2, 3 and 5. It runs with root privileges and is active as long as the system is
        up. It stores and provides credentials or secrets based on the Linux user identifier (uid) of the
        process that makes the IDK API calls. The credentials, which are stored by applications in
        miCASAd, are maintained in memory and written to disk for this release. Session-based secrets are
        secrets that are stored in an in-memory cache, are available only as long as the user is in session
        on the desktop, and are destroyed when the miCASA daemon is restarted or the user logs off. When the
        user logs back in, the secrets written to disk are read back into memory.
     
     -  Login Credential Capture Module: On Linux, the login credential capture module is implemented as a
        PAM module. This PAM module captures the user's desktop login credentials and stores them in
        miCASAd using the IDK APIs. This PAM module is placed as the last module in the auth and session
        stacks of xdm, gdm, kdm, login and sshd PAM configuration files. The functionality of this
        module is to store the credentials in miCASAd.

        Any PAM module that uses the IDK APIs must set its effective user id temporarily to that of the user
        logging in (the user returned by calling pam_get_user()), if the credentials need to be
        stored against that user. In some cases, the user obtained through pam_get_user() might not be
        the one against whom the PAM module actually intends to store credentials.
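
The temporary effective-uid switch described above, as an added example (not Novell's code). `run_as_euid`, `store_fn` and `record_euid` are hypothetical names; the callback stands in for the IDK call that writes the credential, and the uid and gid are assumed to come from a passwd lookup of the name returned by pam_get_user().

```c
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical callback type: in a real module this would wrap the CASA IDK
 * call that writes the credential; the IDK itself is not used here. */
typedef int (*store_fn)(void *ctx);

/* Run fn() with the effective uid/gid of the target user, then restore.
 * uid/gid are assumed to come from a passwd lookup of the name returned
 * by pam_get_user(). Returns fn's result, or -1 if the switch failed
 * (fn is then never called). Exits if the identity cannot be restored. */
int run_as_euid(uid_t uid, gid_t gid, store_fn fn, void *ctx)
{
    uid_t saved_uid = geteuid();
    gid_t saved_gid = getegid();
    int rc;

    /* Group first: once the euid is unprivileged, setegid() may be refused. */
    if (setegid(gid) != 0)
        return -1;
    if (seteuid(uid) != 0) {
        if (setegid(saved_gid) != 0)
            _exit(1);
        return -1;
    }

    rc = fn(ctx);   /* miCASAd sees the target user's uid during this call */

    /* Restore in reverse order and verify the result: letting the rest of
     * the PAM stack run under the wrong identity is worse than failing. */
    if (seteuid(saved_uid) != 0 || setegid(saved_gid) != 0 ||
        geteuid() != saved_uid || getegid() != saved_gid)
        _exit(1);
    return rc;
}

/* Constructed stand-in for the store call: records the euid it ran under. */
int record_euid(void *ctx)
{
    *(uid_t *)ctx = geteuid();
    return 0;
}
```

Only the effective ids change, so the saved set-user-ID lets the module return to its original identity after the store call.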

Additional Information

Additional Documentation

See the CASA Reference Guide PDF on your server at /usr/share/doc/packages/CASA/doc/CASA_Reference_Guide.pdf