-
Notifications
You must be signed in to change notification settings - Fork 6
/
TODO
36 lines (34 loc) · 1.68 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Final:
* allow for Dirmngr to be started on demand (in pipe mode) (NO <- Why?!)
Low priority:
* allow user to skip card authentication without submitting a wrong
PIN to the card, e.g. by entering an empty PIN? Return
PAM_CRED_INSUFFICIENT in that case? PAM_AUTHINFO_UNAVAIL? PAM_AUTH_ERR?
* figure out what exactly the dependencies on the OpenPGP smartcard are.
* improve doc
* work on MIGRATION text
* fix install-conf-skeleton (does nothing for x509?)
* better (new?) error codes
* verify we don't need pam_sm_setcred; i still don't get what this
call is needed for - most PAM modules in Linux-PAM implement it as a
dummy.
* poldi shouldn't contain any global state (explain why), reference
needed: as far as i understand it, PAM modules should be rather
reentrant; at least thread safe. so that applications do can call
pam_authenticate without danger.
* conf skeleton for x509 method?
* do we want to respect conv_tell error codes or should it be void?
* give user a chance to enter PIN twice?
* check if information on Applications in the manual are still uptodate.
* figure what needs to be done for enabling LTSP logins through Poldi (interesting!)
* allow user to override scdaemon to use through environment variables
or something (probably required for ltsp).
* what does "6 characters minimum" mean in openpgp-card.pdf? is it "bytes" or really "utf8 characters"?
* shall we really forbid to use non-digit characters in PIN?
* system wide scdaemon?
* disallow login in case of key expiration
* diplay expiration info before key is expired
* portability to non- GNU/Linux systems that support PAM
* workaround for older cards regarding public key retrival?
High priority:
* general audit