kanidm/kanidm_book/src/client_tools.md

# Client tools

To interact with Kanidm as an administrator, you'll need to use our command 
line tools. If you haven't installed them yet, 
[install them now](installing_client_tools.mdc).

## Kanidm configuration

You can configure `kanidm` to help make commands simpler by modifying `~/.config/kanidm` 
or `/etc/kanidm/config`.

    uri = "https://idm.example.com"
    verify_ca = true|false
    verify_hostnames = true|false
    ca_path = "/path/to/ca.pem"

Once configured, you can test this with:

    kanidm self whoami --name anonymous

## Session Management

To authenticate as a user (for use with the command line), you need to use the `login` command
to establish a session token.

    kanidm login --name USERNAME
    kanidm login --name admin

Once complete, you can use `kanidm` without re-authenticating for a period of time for administration.

You can list active sessions with:

    kanidm session list

Sessions will expire after a period of time (by default 1 hour). To remove these expired sessions
locally you can use:

    kanidm session cleanup

To log out of a session:

    kanidm logout --name USERNAME
    kanidm logout --name admin
Auto-publishing the book and rustdoc. (#534) 2021-07-24 03:12:35 +02:00			`# Client tools`
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
Kanidm book review 6 (#800) * change capitalization on section headings, and some terminology, small wording tweaks * more small corrections, line breaks, capitalization, small wording changes * minor corrections, punctuation, wording * NAS = Network Access Server 2022-06-02 03:09:02 +02:00			`To interact with Kanidm as an administrator, you'll need to use our command`
			`line tools. If you haven't installed them yet,`
			`[install them now](installing_client_tools.mdc).`
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
Update repo locations and versions in prep for release (#492) 2021-06-25 10:38:45 +02:00			`## Kanidm configuration`
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00
continuing review of Kanidm book (#775) 2022-05-27 01:07:56 +02:00			You can configure `kanidm` to help make commands simpler by modifying `~/.config/kanidm`
			or `/etc/kanidm/config`.
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00
			`uri = "https://idm.example.com"`
			`verify_ca = true\|false`
			`verify_hostnames = true\|false`
			`ca_path = "/path/to/ca.pem"`

			`Once configured, you can test this with:`

			`kanidm self whoami --name anonymous`

			`## Session Management`
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00
continuing review of Kanidm book (#775) 2022-05-27 01:07:56 +02:00			To authenticate as a user (for use with the command line), you need to use the `login` command
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`to establish a session token.`

			`kanidm login --name USERNAME`
			`kanidm login --name admin`

continuing review of Kanidm book (#775) 2022-05-27 01:07:56 +02:00			Once complete, you can use `kanidm` without re-authenticating for a period of time for administration.
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00			`You can list active sessions with:`
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00			`kanidm session list`
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00			`Sessions will expire after a period of time (by default 1 hour). To remove these expired sessions`
			`locally you can use:`
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00			`kanidm session cleanup`
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
continuing review of Kanidm book (#775) 2022-05-27 01:07:56 +02:00			`To log out of a session:`
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00
			`kanidm logout --name USERNAME`
continuing review of Kanidm book (#775) 2022-05-27 01:07:56 +02:00			`kanidm logout --name admin`