Common Authentication Service Adapter (CASA) provides a common infrastructure for client authentication across Linux and Microsoft Windows desktops. Novell® products (such as GroupWise®, GroupWise Messenger, iPrint, Novell iFolder®, and Novell clients for Windows and Linux) are integrated with the miCASA interface, and can take advantage of the credential store that provides the cornerstone for CASA.

CASA provides the following main components:

CASA Identity Development Kit (IDK): The developer kit provides a set of APIs that application and service developers can use to write user/application credentials to the credential store. The APIs internally store the credentials passed onto them by the applications in miCASAd. C, C++, C# and Java bindings are available for the CASA Identity Development Kit (IDK).

Login Credential Capture Module: On Linux, the Login Credential Capture module is implemented as a Plugable Authentication Module (PAM). This PAM module captures the user™s desktop login credentials and stores them in miCASAd using the IDK APIs. This PAM module is placed as the last module in the auth and session stacks of xdm, gdm, kdm, login and sshd PAM configuration files. In the auth stack, the functionality of this module is to store the credentials in miCASAd and in the session stack, then closes the user™s session with miCASAd.

miCASAd: An active component that starts during boot time.

Linux: miCASAd stores and provides credentials or secrets based on the user identifier (uid) of the process that makes the IDK API calls. It is available in the run-levels 1, 2, 3 and 5. It runs with root privileges and is active as long as the system is up.

Windows: CASA consists of a single CASA.msi, which is the installation module that contains the following components that match their Linux counterparts:

o

CASA-gui.msm

o

CASA.msm

A separate Windows package called CASA-devel.msi installs the CASA development kit.

Credentials saved by user applications are encrypted and saved to the file system. When the user logs into the desktop, the credentials are read back into computer memory and made available to user applications.

NOTE:Any Pluggable Authentication module (PAM) that uses the IDK APIs must set its effective user ID temporarily to that of the user logging in (the user returned by calling pam_get_user()), if the credentials need to be stored against that user. There might be cases where the user obtained through pam_get_user() might not be the one against whom the PAM actually intends to store credentials.