зеркало из https://github.com/mozilla/pjs.git
Bugzilla Bug 282610: added a README file. Describe what svrcore is and
how it is being used.
This commit is contained in:
wtchang%redhat.com
Родитель
e8286cc912
Коммит
644a2f43f0
|
|
@ -0,0 +1,48 @@
|
|||
The Netscape svrcore library
|
||||
|
||||
Terry Hayes wrote the Netscape svrcore library in 1998.
|
||||
Valerie Chu wrote the ntgetpin.c and related files.
|
||||
|
||||
svrcore used to contain two major parts.
|
||||
|
||||
The first part is what we released on mozilla. It is a kind of
|
||||
object-oriented package for handling PIN requests from NSS. The
|
||||
idea was to provide a standard way for servers to allow PIN input
|
||||
from a file or from the terminal. There is also a PIN handler
|
||||
that caches the PIN in memory after encrypting it with a key on
|
||||
a device (such as a Fortezza card). This allowed a server to
|
||||
restart without having to reenter the PIN. However since the PIN
|
||||
is encrypted, a core dump would not expose it. In addition,
|
||||
removing the device would also make the PIN inaccessible.
|
||||
|
||||
The files are:
|
||||
|
||||
svrcore.h - API definition
|
||||
alt.c - allows two possible PIN request methods to be used (say
|
||||
file and then terminal)
|
||||
cache.c - caches the result from another PIN request method
|
||||
errors.c - error text
|
||||
file.c - reads the PIN from a specified file
|
||||
ntgetpin.c - Windows version of a user prompt for PIN
|
||||
ntgetpin.rc - Windows resource script for ntgetpin.c
|
||||
ntresource.h - a generated include file used by ntgetpin.rc
|
||||
key.ico - an icon used by ntgetpin.rc
|
||||
logo.ico - an icon used by ntgetpin.rc
|
||||
pin.c - functions to register a PIN request object with NSS
|
||||
pk11.c - implementation of the encrypted in-memory caching
|
||||
std.c - a "standard" PIN object that satisfies requests from a
|
||||
file or the terminal and allows caching if desired.
|
||||
user.c - prompts the user for the PIN
|
||||
|
||||
Note: the pk11.c file (secure PIN store) is a pretty good example
|
||||
of how to encrypt/decrypt with NSS.
|
||||
|
||||
There was a second component of svrcore that handled export policy
|
||||
configuration. It allowed patching of a single executable (single
|
||||
program build) to create the export and domestic versions of a
|
||||
server. This code was discontinued after the export policy changes.
|
||||
|
||||
The LDAP C SDK tools use svrcore. They also implemented their
|
||||
own PIN object to allow command line PIN entry. The directory
|
||||
server also implemented its own PIN object to allow a watchdog
|
||||
process to cache the PIN and restart the server.
|
||||
Загрузка…
Ссылка в новой задаче