Environment
Novell Open Enterprise Server 1 (OES 1) Support Pack 2 Linux
Novell Open Enterprise Server 2 (OES 2)
Situation
What is CASA?
Resolution
Common Authentication Service Adapter (CASA) provides a common infrastructure for client authentication
across the Linux* and Microsoft* Windows* desktops.
Novell products (such as GroupWise, GroupWise Messenger, iPrint, Novell iFolder, and the Novell
clients for Windows and Linux) are integrated with the miCASA interface and can take advantage of the
credential store that provides the cornerstone for CASA.
The main components of CASA on Linux are:
- CASA Identity Development Kit (IDK): The IDK provides a set of APIs that application and service
developers can use to write user/application credentials to the credential store. Internally, the IDK
APIs store the credentials passed to them by the applications in miCASAd. There are C, C++,
C# and Java bindings available for the CASA IDK.
- miCASAd: An active component that starts during boot time. On Linux, miCASAd is available in the
run-levels 1, 2, 3 and 5. It runs with root privileges and is active as long as the system is
up. It stores and provides credentials or secrets based on the Linux user identifier (uid) of the
process that makes the IDK API calls. The credentials, which are stored by applications in
miCASAd, are maintained in memory and written to disk for this release. Session-based secrets are
secrets that are stored in an in-memory cache, are available only as long as the user is in session on
the desktop, and are destroyed when the miCASA daemon is restarted or the user logs off. When the user
logs back in, the secrets written to disk are read back into memory.
- Login Credential Capture Module: On Linux, the login credential capture module is implemented as a
PAM module. This PAM module captures the user's desktop login credentials and stores them in
miCASAd using the IDK APIs. This PAM module is placed as the last module in the auth and session
stacks of xdm, gdm, kdm, login and sshd PAM configuration files. The functionality of this
module is to store the credentials in miCASAd.
Any PAM module that uses the IDK APIs must temporarily set its effective user id to that of the user
logging in (the user returned by calling pam_get_user()) if the credentials need to be
stored against that user. There might be cases where the user obtained through pam_get_user()
is not the one against whom the PAM module actually intends to store credentials.
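The temporary effective-uid switch described above, sketched in C as an added example (not code from CASA or Novell). The names lookup_user, run_with_euid, store_fn and record_euid are hypothetical; the callback stands in for whatever IDK call stores the credential, and the user name is assumed to come from pam_get_user().

```c
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical callback: stands in for the IDK call that stores the credential. */
typedef int (*store_fn)(void *ctx);

/* Resolve the name a PAM module would get from pam_get_user(). 0 on success. */
int lookup_user(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = name ? getpwnam(name) : NULL;
    if (pw == NULL)
        return -1;              /* unknown user: store nothing */
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Run fn with the effective uid/gid set to the target, then restore.
 * Returns fn's result, -1 if the switch failed (fn not run), -2 if the
 * original ids could not be restored (caller should fail the PAM call). */
int run_with_euid(uid_t uid, gid_t gid, store_fn fn, void *ctx)
{
    uid_t saved_uid = geteuid();
    gid_t saved_gid = getegid();
    int rc;

    /* Group first: once euid is no longer root, setegid would be refused. */
    if (setegid(gid) != 0)
        return -1;
    if (seteuid(uid) != 0)
        return setegid(saved_gid) == 0 ? -1 : -2;

    rc = fn(ctx);               /* the daemon now sees the target user's uid */

    /* Restore uid first so the process is allowed to change its gid back. */
    if (seteuid(saved_uid) != 0 || setegid(saved_gid) != 0)
        return -2;
    return rc;
}

/* Sample callback (constructed for this example): records the euid it ran under. */
int record_euid(void *ctx)
{
    *(uid_t *)ctx = geteuid();
    return 0;
}
```

Supplementary groups are left unchanged here; a module that needs them to match the target user would have to switch those as well while it still has root.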
Additional Information
Additional Documentation
See the CASA Reference Guide PDF on your server at /usr/share/doc/packages/CASA/doc/CASA_Reference_Guide.pdf