This version of Network Identity Manager presents a significant improvement over the Network Identity Manager 1.x.
Network Identity Manager 1.x only supports a single identity provider. This was sufficient when only Kerberos v5 identities are to be supported. However, not all network identities are based on Kerberos v5. In order to support other identity classes such as X.509 certificates and key stores, support for multiple identity providers is required.
Adding multiple identity providers required changes to the user interface, the configuration system and the credentials database. Selecting an identity type is now an integral part of the creation of a new identity via the "New Credentials Wizard".
In addition to the Kerberos v5 identity provider, this version includes a KeyStore identity provider and developer resources for building additional identity providers.
The new credentials dialog from version 1 has been completely replaced by the new credentials wizard. This new interface separates the processes of specifying identities, configuring identities and obtaining new credentials for identities.
When attempting to specify a new identity, the new credentials wizard automatically switches to the new identity configuration wizard which guides the user through the available options and credentials providers. This process only needs to be completed once for each identity and is optional.
The new credentials wizard is documented here
The credentials display was also replaced. The new interface supports more widgets and provides live feedback of on-going credential operations.
The KeyStore is a password storage plug-in for Network Identity Manager that was designed to address the needs of users who need to obtain credentials for multiple identities simultaneously.
More information about the KeyStore plug-in can be found here.
The software development kit for developing plug-ins for Network Identity Manager was updated to include a template for an identity provider plug-in. The credentials provider plug-in was updated to be compatible with the new API.
Even though the API for Network Identity Manager has changed significantly from version 1.x to version 2, the ABI remains backward compatible for compliant credentials providers. Backwards compatibility was tested using OpenAFS and KCA plug-ins that were written to work with version 1.x API.