Files in this release (CryptID 0.0.1-alpha):
  README                       2013-04-14    4.5 kB
  CryptID-0.0.1-alpha.tar.gz   2013-04-14   49.5 kB
# This is the first release of CryptID (64-bit). The following steps will get you up and running with CryptID:
# 1) Compile against the OpenLDAP 2.4.23 source libraries
# 2) Copy CryptID.so to your OpenLDAP overlay folder
# 3) Add the CryptID overlay config entries to slapd.conf - a sample config is provided in the ldap subfolder
# 4) Update ldap.conf with the TLS settings (CA certificate etc.) needed to reach ldaps:// backends - a sample config is provided in the ldap subfolder
# 5) Copy the CryptID schema file to your OpenLDAP schema folder and include it from slapd.conf

# Once you have installed the CryptID overlay into OpenLDAP, you will need to provision your first accounts.
# CryptID requires specific attributes to be created with new user accounts:

# ssoPrincipalName	: The real account on the backend server which is being cached on CryptID
#			  in the case of Active Directory, this is the unique userPrincipalName attribute
#			  in the case of a regular LDAP backend, this is the full DN of the account
# ssoClientServer	: The LDAP URI of the backend account server - either ldap:// or ldaps://
#			  (prefer ldaps://: the callback sends the password the user supplied to the backend,
#			  and over plain ldap:// it travels in cleartext)
# ssoDoCallback		: Enables or disables the callback feature; if the value is "no" the account is treated
#			  as local to the CryptID server, and no further account validation is performed on
#			  login failure
# ssoStatusMSG		: Currently marks whether the account is newly provisioned, but is intended to later denote
#			  a level of trust based on previous account history and security
# ssoPassStr		: Attribute still to be developed, noting heuristic password strength
# ssoMember   		: Optional field for group/service authentication

# Example where the Single-SignOn backend server is Active Directory
# ssoPrincipalName maps to the unique userPrincipalName identifier on the Active Directory server
# ssoClientServer can be an ldap:// or ldaps:// URI, whichever the backend server supports (ldaps:// is used here)
# ssoDoCallback enabled for authentication caching and provisioning
# ssoStatusMSG notifies the server that the account is uncached, newly provisioned
# ssoPassStr assumes the password is reasonably strong
# userPassword is left out of the entry entirely: the first authentication results in a callback to the backend
# server and the password is then cached. Note that the LDIF "attr::" syntax means a base64 value, so a line such
# as "userPassword:: unset" is rejected by the LDIF parser rather than leaving the attribute empty.
# Operational attributes such as structuralObjectClass are generated by slapd and must not appear in an ldapadd LDIF.

# dn: ou=Users,ou=AD_Domain,dc=example,dc=com
# objectClass: top
# objectClass: organizationalUnit
# ou: Users

# dn: uid=johndoe,ou=Users,ou=AD_Domain,dc=example,dc=com
# displayName: John Doe
# objectClass: ssoCacheOverlay
# objectClass: inetOrgPerson
# ssoClientServer: ldaps://192.168.4.10
# ssoPrincipalName: johndoe@AD_Domain.local
# ssoStatusMSG: new
# ssoDoCallback: yes
# ssoPassStr: good
# uid: johndoe
# cn: John Doe
# mail: johndoe@example.com
# sn: Doe
# givenName: John
# ssoMember: Service1
# ssoMember: Service2

# Example where the Single-SignOn backend server is LDAP based
# ssoPrincipalName maps to the full DN of the account on the original account server
# ssoClientServer can be an ldap:// or ldaps:// URI, whichever the backend server supports; with the plain ldap://
# used below the callback sends the user's password to the backend in cleartext, so use ldaps:// wherever the backend allows it

# dn: ou=People,dc=ldap,dc=example,dc=org
# objectClass: top
# objectClass: organizationalUnit
# ou: People

# dn: uid=mickeymouse,ou=People,dc=ldap,dc=example,dc=org
# objectClass: inetOrgPerson
# objectClass: ssoCacheOverlay
# givenName: Mickey
# displayName: Mickey Mouse
# sn: Mouse
# mail: mickeymouse@example.org
# ssoStatusMSG: new
# ssoDoCallback: yes
# ssoPassStr: good
# ssoClientServer: ldap://192.168.0.2
# ssoPrincipalName: uid=mickeymouse,ou=People,dc=example,dc=local
# cn: Mickey Mouse
# uid: mickeymouse
# ssoMember: Service1

# Example of a local-only account - no Single-SignOn backend server
# ssoDoCallback: no - in the event of a password mismatch, CryptID will not attempt to validate the supplied credentials
# against a backend server. The account is treated as existing only on the CryptID server, which allows the
# co-existence of Single-SignOn accounts and local LDAP accounts. A local account must therefore carry a userPassword.

# dn: ou=People,dc=non_sso,dc=example,dc=org
# objectClass: top
# objectClass: organizationalUnit
# ou: People

# dn: uid=daffyduck,ou=People,dc=non_sso,dc=example,dc=org
# objectClass: inetOrgPerson
# objectClass: ssoCacheOverlay
# givenName: Daffy
# displayName: Daffy Duck
# sn: Duck
# mail: daffyduck@example.org
# ssoDoCallback: no
# userPassword:: wsnF4UyDWeeKvwYuDBvldLQvNMvxp6Lc
# cn: Daffy Duck
# uid: daffyduck
# ssoMember: Service1
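The attribute rules above (callback versus local accounts, the URI scheme of ssoClientServer, how userPassword is handled, the RDN value having to appear in the entry) are easy to get wrong in hand-written provisioning LDIF. The linter below is an added example and not part of CryptID: it parses a small LDIF subset and applies exactly the rules this README states to constructed sample entries modelled on the three examples above. Everything beyond those rules (the sample DNs and addresses, the cleartext warning for plain ldap:// backends, the message wording) is this example's own.

```python
"""Lint CryptID provisioning LDIF against the rules the README states (added
example, not CryptID code): ssoDoCallback is yes/no; callback accounts carry
ssoClientServer (ldap:// or ldaps:// URI) and ssoPrincipalName; local accounts
carry a userPassword; the RDN value appears in the entry (slapd rejects the add
otherwise); 'attr:: value' is valid base64 (catches 'userPassword:: unset');
plain ldap:// is flagged since the callback sends the user's password over it.
SAMPLE_LDIF is constructed for the demo (cn/sn etc. omitted for brevity)."""
import base64
import binascii
from urllib.parse import urlparse

SAMPLE_LDIF = """\
dn: uid=johndoe,ou=Users,ou=AD_Domain,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: ssoCacheOverlay
uid: johndoe
ssoClientServer: ldaps://192.168.4.10
ssoPrincipalName: johndoe@AD_Domain.local
ssoDoCallback: yes

dn: uid=mickeymouse,ou=People,dc=ldap,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: ssoCacheOverlay
uid: mickeymouse
ssoClientServer: ldap://192.168.0.2
ssoPrincipalName: uid=mickeymouse,ou=People,dc=example,dc=local
ssoDoCallback: yes
userPassword:: unset

dn: uid=daffyduck,ou=People,dc=non_sso,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: ssoCacheOverlay
uid: daffy
ssoDoCallback: no
userPassword:: wsnF4UyDWeeKvwYuDBvldLQvNMvxp6Lc
"""


def parse_ldif(text):
    """Minimal RFC 2849 reader: blank-line separated records, 'attr: value',
    'attr:: base64', '#' comments and leading-space continuation lines."""
    records = []
    for chunk in text.split("\n\n"):
        lines = []
        for raw in chunk.splitlines():
            if raw.startswith("#") or not raw.strip():
                continue
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]              # folded continuation line
            else:
                lines.append(raw)
        if not lines:
            continue
        dn, attrs, problems = None, {}, []
        for line in lines:
            name, _, value = line.partition(":")
            value = value.strip()
            if value.startswith(":"):              # 'attr:: <base64>' form
                b64 = value[1:].strip()
                try:
                    value = base64.b64decode(b64, validate=True).decode("latin-1")
                except binascii.Error:
                    problems.append(f"{name}:: value {b64!r} is not valid base64")
                    continue
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        records.append((dn, attrs, problems))
    return records


def lint_entry(dn, attrs, problems):
    """Findings for one entry; an empty list means the entry passes."""
    findings = list(problems)
    if dn is None:
        return findings + ["record has no dn"]
    if "ssocacheoverlay" not in [c.lower() for c in attrs.get("objectclass", [])]:
        return findings                            # not a CryptID entry
    rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
    if rdn_val not in attrs.get(rdn_attr.lower(), []):
        findings.append(f"RDN {rdn_attr}={rdn_val} is not an attribute value of the entry (slapd rejects the add)")
    callback = attrs.get("ssodocallback", [""])[0].lower()
    if callback not in ("yes", "no"):
        return findings + ["ssoDoCallback must be 'yes' or 'no'"]
    if callback == "yes":
        for attr in ("ssoClientServer", "ssoPrincipalName"):
            if attr.lower() not in attrs:
                findings.append(f"{attr} is required when ssoDoCallback is yes")
        for uri in attrs.get("ssoclientserver", []):
            scheme = urlparse(uri).scheme
            if scheme not in ("ldap", "ldaps"):
                findings.append(f"ssoClientServer {uri!r} is not an ldap:// or ldaps:// URI")
            elif scheme == "ldap":
                findings.append(f"ssoClientServer {uri!r} is plain ldap: the callback sends the user's password in cleartext")
    elif "userpassword" not in attrs:
        findings.append("local account (ssoDoCallback: no) has no userPassword, so no login can ever succeed")
    return findings


def lint_ldif(text):
    """Map each dn in the LDIF text to its list of findings."""
    return {dn: lint_entry(dn, attrs, problems) for dn, attrs, problems in parse_ldif(text)}
```

Usage: `lint_ldif(open("users.ldif").read())` returns a dict of dn to findings; an empty list means the entry passes. On the constructed sample the johndoe entry is clean, the mickeymouse entry is flagged for the invalid "userPassword:: unset" line and the cleartext ldap:// backend, and the daffyduck entry for an RDN whose value is missing from the entry. Strip the leading "#" from the README's own examples before feeding them in.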
Source: README, updated 2013-04-14