author | Russ Allbery <rra@stanford.edu> | 2012-04-03 20:40:01 -0700 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2012-04-03 20:40:01 -0700 |
commit | f1eab726c10be66e94f6984418babfa9d68993b0 (patch) | |
tree | b5588af37c06a842abc893646e7f1be97d4ed2de /TODO | |
parent | f265274b66406a524fbef6162dcb642cc0441d23 (diff) |
Add initial LDAP attribute ACL verifier
A new ACL type, ldap-attr (Wallet::ACL::LDAP::Attribute), is now
supported. This ACL type grants access if the LDAP entry
corresponding to the principal contains the attribute name and value
specified in the ACL. The Net::LDAP and Authen::SASL Perl modules are
required to use this ACL type. New configuration settings are
required as well; see Wallet::Config for more information. To enable
this ACL type for an existing wallet database, use wallet-admin to
register the new verifier.
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -63,8 +63,6 @@ ACLs: * Error messages from ACL operations should refer to the ACLs by name instead of by ID. - * Write the LDAP entitlement ACL verifier. - * Write the PTS ACL verifier. * Rename Wallet::ACL::* to Wallet::Verifier::*. Add Wallet::ACL as a @@ -81,7 +79,8 @@ ACLs: * A group-in-groups ACL schema. * Provide an API for verifiers to syntax-check the values before an ACL - is set and implement syntax checking for the Krb5 verifier. + is set and implement syntax checking for the krb5 and ldap-attr + verifiers. * Investigate how best to support client authentication using anonymous PKINIT for things like initial system keying. @@ -195,6 +194,11 @@ Code Style and Cleanup: Test Suite: + * The ldap-attr verifier test case is awful and completely specific to + people with admin access to the Stanford LDAP tree. Write a real test. + + * Rename the tests to use a subdirectory organization. + * Add POD coverage testing using Test::POD::Coverage for the server modules. |
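Review bot: In the first hunk (@@ -63,8 +63,6 @@), the deleted entry reads "Write the LDAP entitlement ACL verifier", while the commit message describes an initial verifier that matches an attribute name and value. If any part of the entitlement use case is still open, replace the entry with a narrower one instead of dropping it, so the remaining work stays tracked under ACLs and not only under Test Suite.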
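Review bot: In the second hunk (@@ -81,7 +79,8 @@), the syntax-check entry now names ldap-attr but does not say what a well-formed ldap-attr value is. The commit message says the ACL carries an attribute name and value, so the entry should state the form to be checked. As the entry itself records, nothing validates the value before the ACL is set, so a mistyped ldap-attr ACL is stored as written; that is worth saying explicitly here, since it affects an access decision.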
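Review bot: In the third hunk (@@ -195,6 +194,11 @@), "Write a real test" does not say what the replacement has to cover. This verifier makes a grant or deny decision, so the entry should ask for a test that runs without admin access to the Stanford LDAP tree and exercises both a matching and a non-matching attribute value. The "Rename the tests to use a subdirectory organization" entry is unrelated to the ldap-attr verifier and would sit better in its own commit.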