-
Notifications
You must be signed in to change notification settings - Fork 6
/
MIGRATION
55 lines (43 loc) · 1.86 KB
/
MIGRATION
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
Migration from Poldi 0.3
========================
Several things have changed with the release of Poldi 0.4. This
document explains how to upgrade smoothly from Poldi 0.3 to Poldi 0.4
or greater.
* Authentication Methods
Poldi 0.3 only supported one mechanism to authenticate a user: a
challenge-response protocol in combination with a smartcard<-->user
mapping stored in a plain text file. Now, Poldi supports two
so-called "authentication methods" with the Poldi 0.3 way of
authenticating being one such method, which is named "localdb".
The other supported authentication method named "x509" implements
authentication against a X509 PKI with the help of Dirmngr.
There is no default authentication method, thus if you want to use
the new Poldi just like Poldi 0.3, you need to specify "auth-method
localdb" in the configuration file poldi.conf.
* Configuration
With Poldi 0.3 it was possible to "register" smartcards and control
the mapping between users and smartcards with the poldi-ctrl
utility. As of Poldi 0.4 poldi-ctrl has been stripped in this
respect; it does not contain this functionality anymore. Instead the
system administrator has to edit the appropriate files manually.
* Paths
Some paths have changed since Poldi 0.3. In particular:
${sysconfdir}/poldi/keys -> ${sysconfdir}/poldi/localdb/keys
${sysconfdir}/poldi/users -> ${sysconfdir}/poldi/localdb/users
* Lost configuration options
Having unimplemented options in Poldis configuration file causes
Poldi to bail out during initialization. Note that the following
configuration options have been removed during the development of
Poldi 0.4:
- "debug-sc"
- "ctapi-driver"
- "pcsc-driver"
- "reader-port"
- "disable-ccid"
- "debug-ccid-driver"
- "disable-opensc"
- "fake-wait-for-card"
- "require-card-switch"
- "wait-timeout"
- "try_pin"
- "quiet"