# Kanidm

Kanidm is an identity management platform written in Rust. Our goals are:

* Modern identity management platform
* Simple to deploy and integrate with
* Extensible
* Correct

## Code of Conduct

See CODE_OF_CONDUCT.md

## Examples

## MVP features

* PAM/nsswitch clients (with offline auth, and local TOTP)
* CLI for admin
* OIDC/OAuth
* SSH key distribution
* MFA (TOTP)
* In-memory read cache (COW)
* Backup/restore

## Planned features

* Replicated database backend (389-ds, couchdb, or custom repl proto)
* SAML
* Read-only replicas
* Certificate distribution?
* Web UI for admin
* Account impersonation
* WebAuthn
* Sudo rule distribution via nsswitch?

## Features we want to avoid

* Audit: This is better solved by ...
* Fully synchronous behaviour: ...
* Generic database: ... (max db size etc)
* Being LDAP: ...
* GSSAPI/Kerberos

## More?

## Get involved

## Designs

See the designs folder

## Why do I see rsidm references?

The original project name was rsidm while it was a thought experiment. Now that it's growing and developing, we gave it a better project name. Kani is Japanese for "crab". Rust's mascot is a crab. It all works out in the end.