0.6 will be a finish-code release. Fix source tree estructure, define devel api and code all to-be-written mappers are task to do Expected things to be done in 0.6 release: - Create and Define a pam-pkcs11 mapper API & library. This is mostly done at 0.5.3, but some cleaning is needed. * Create a mapper "devel" package * Use OpenSC libp11 pkcs11 library - Add remote CA's and CRL's lookups Actually, CA's and local CRL's are stored as hash dir. Need to recode to use URL's as data sources - Finish mapper coding * opensc: - Generic mapping files 0.5.3 searches in ${HOME}/.eid/authorized_certificates. Needs an additional tool to manage a "global" certificate file with user mappings * openssh: - Same as opensc. Hint: use "comment" field on ssh public keys to store login name * ldap mapper: - Allow use of any certificate content to make queries - find() function is too expensive when navigate across databases of thousand of users. Need to optimize search filters. * database mapper: - Define and create a UnixODBC based database mapper * Compile as static all mappers that does not depend on extra libraries 0.7 is a try to real-life implementation: MS Active directory configuration, NSS aware configurations, LDAP settings, many samples and docs, general cleanups, etc. Things to be done in 0.7 release: - Review all mappers that depends on remote connections. * conditional queries instead of getpwent() query loop - Allow pam-pkcs11 login against MS Active Directory * Changes to MS_mapper to real use of UPN Domain * Documentation and samples - Manuals on LDAP, NSS and so installations - ncurses (gtk?) tool to create/edit mapfiles 0.8 will be a major cleanup: bugfixes, optimizations, pam-session handling. Most important: pkinit aware pam module is to be scheduled here Things to be done in 0.8 release - Call for pin only when needed - Use certificate only if available for authentication - Implement of Kerberos PKINIT specification. Rewrite of kpn mapper - Check content-type of cert fields instead assume utf-8 - proper handle of free() calls when needed 0.9 will be a preview version. No more items are expected to add, just bugfixes and feedbacks from users. Perhaps it's time for i18n issues 1.0 That's all folks!