diff --git a/book/src/DEVELOPER_README.md b/book/src/DEVELOPER_README.md index 2c0193bed..656a0cfed 100644 --- a/book/src/DEVELOPER_README.md +++ b/book/src/DEVELOPER_README.md @@ -413,3 +413,8 @@ docker run --rm -it \ ``` This assumes you have a `kanidm` client configuration file in the current working directory. + +### Testing the OpenAPI generator things + +There's a script in `scripts/openapi_tests` which runs a few docker containers - you need to be +running a local instance on port 8443 to be able to pull the JSON file for testing. diff --git a/book/src/account_policy.md b/book/src/account_policy.md index 7082b5418..24f63f363 100644 --- a/book/src/account_policy.md +++ b/book/src/account_policy.md @@ -18,17 +18,17 @@ When an account is affected by multiple policies, the strictest component from e applied. This can mean that two policies interact and make their combination stricter than their parts. -| value | ordering | -| ---------------- | -------------- | -| auth-session | smallest value | -| password-minimum-length | largest value | -| privilege-expiry | smallest value | +| value | ordering | +| ----------------------- | -------------- | +| auth-session | smallest value | +| password-minimum-length | largest value | +| privilege-expiry | smallest value | ### Example Resolution If we had two policies where the first defined: -``` +```text auth-session: 86400 password-minimum-length: 10 privilege-expiry: 600 @@ -36,7 +36,7 @@ privilege-expiry: 600 And the second -``` +```text auth-session: 3600 password-minimum-length: 15 privilege-expiry: 3600 @@ -46,7 +46,7 @@ As the value of auth-session from the second is smaller we would take that. We w smallest value of privilege-expiry from the first. We would take the largest value of password-minimum-length. This leaves: -``` +```text auth-session: 3600 password-minimum-length: 15 privilege-expiry: 600 
@@ -56,7 +56,7 @@ privilege-expiry: 600 Account Policy is enabled on a group with the command: -``` +```shell kanidm group account-policy enable kanidm group account-policy enable my_admin_group ``` @@ -73,20 +73,20 @@ disclosed sessions as they can only _read_ data, not write it. To set the maximum authentication session time -``` +```shell kanidm group account-policy auth-expiry kanidm group account-policy auth-expiry my_admin_group 86400 ``` ## Setting Minimum Password Length -The password-minimum-length value defines the character length of passwords that are acceptable. There -are no-other tunables for passwords in account policy. Other settings such as complexity, symbols, -numbers and so on, have been proven to not matter in any real world attacks. +The password-minimum-length value defines the character length of passwords that are acceptable. +There are no-other tunables for passwords in account policy. Other settings such as complexity, +symbols, numbers and so on, have been proven to not matter in any real world attacks. To set this value: -``` +```shell kanidm group account-policy password-minimum-length kanidm group account-policy password-minimum-length my_admin_group 12 ``` @@ -98,7 +98,7 @@ reauthentication. After this time, the session returns to read-only mode. To set the maximum privilege time -``` +```shell kanidm group account-policy privilege-expiry kanidm group account-policy privilege-expiry my_admin_group 900 ``` diff --git a/scripts/openapi_tests/check_openapi_spec.sh b/scripts/openapi_tests/check_openapi_spec.sh index 011f73eaa..62336a9ed 100755 --- a/scripts/openapi_tests/check_openapi_spec.sh +++ b/scripts/openapi_tests/check_openapi_spec.sh @@ -38,4 +38,4 @@ docker run --rm -it \ openapitools/openapi-generator-cli generate \ -i /spec/openapi.json -g rust -cleanup "${WORKDIR}" \ No newline at end of file +cleanup "${WORKDIR}"
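Review bot: the new "Testing the OpenAPI generator things" section in book/src/DEVELOPER_README.md points at the directory `scripts/openapi_tests` but never names the script to run or says that Docker is required. Suggest naming `scripts/openapi_tests/check_openapi_spec.sh` explicitly, listing Docker as a prerequisite, and dropping "things" from the heading. It would also help to state which URL on port 8443 the JSON file is pulled from, so a reader can check that the local instance is serving it before starting the containers.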
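Review bot: in the first book/src/account_policy.md hunk (@@ -18,17), the realigned table still names the value `auth-session`, while the command documented further down for setting it is `kanidm group account-policy auth-expiry`. Since the table is being touched anyway, either use one name in both places or add a sentence mapping the table key to the CLI subcommand, so readers resolving two policies by hand know which command changes which value.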
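Review bot: the rewrapped paragraph under "Setting Minimum Password Length" (hunk @@ -73,20 of book/src/account_policy.md) carries over the typo "no-other" and the unsupported statement that complexity rules "have been proven to not matter in any real world attacks". As these lines are already being rewritten, change "no-other" to "no other" and either cite a source for the claim or soften it to the project's design rationale (length is the only enforced control). In the same hunk the blocks now tagged `shell` each begin with a bare `kanidm group account-policy auth-expiry` / `password-minimum-length` line ahead of the full example; if that first line is a usage synopsis rather than a command to run, it should show its arguments or move out of the shell fence.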
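Review bot: in scripts/openapi_tests/check_openapi_spec.sh the context lines show `openapitools/openapi-generator-cli` referenced without a tag or digest, so the test resolves to the default `latest` tag and can change behaviour between machines and runs; pin the image to a specific version or digest. The same `docker run --rm -it` allocates a TTY, which fails when the script is run non-interactively (for example from CI), so consider dropping `-t`. `cleanup "${WORKDIR}"` is the final statement and is only reached when everything before it succeeds; unless it is already registered earlier in the script, a `trap` on `EXIT` would also clean up the work directory on failure. The trailing-newline fix itself is fine.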