Docs fixes for #2296 (#2297)

* docs touchups
James Hodgkinson 2023-11-07 12:09:52 +10:00 committed by GitHub
parent 12f1de8358
commit 0174283115
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 16 deletions

@ -413,3 +413,8 @@ docker run --rm -it \
```
This assumes you have a `kanidm` client configuration file in the current working directory.
### Testing the OpenAPI generator things
There's a script in `scripts/openapi_tests` which runs a few docker containers - you need to be
running a local instance on port 8443 to be able to pull the JSON file for testing.
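Review bot: The new section says "There's a script in `scripts/openapi_tests`" but never gives the command to run, and the path reads as a directory rather than a script. Give the exact invocation and name the JSON file that is pulled from the instance on port 8443, so a reader can tell what "a local instance" must be serving before the containers start. The heading "Testing the OpenAPI generator things" would also read better without "things".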

@ -19,7 +19,7 @@ applied. This can mean that two policies interact and make their combination str
parts.
| value | ordering |
| ---------------- | -------------- |
| ----------------------- | -------------- |
| auth-session | smallest value |
| password-minimum-length | largest value |
| privilege-expiry | smallest value |
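Review bot: While the separator row is being touched, the header `| value | ordering |` is worth a second look: the first column holds policy names (`auth-session`, `password-minimum-length`, `privilege-expiry`), while the second column uses "value" to mean the configured number ("smallest value", "largest value"). Renaming the first column header to something like "policy" or "setting" would remove the double meaning.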
@ -28,7 +28,7 @@ parts.
If we had two policies where the first defined:
```
```text
auth-session: 86400
password-minimum-length: 10
privilege-expiry: 600
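Review bot: The example values in this block carry no units. The commands later in the same file take `<seconds>` for the expiry settings and `<length>` for the password setting, so a short sentence before the first example stating that `auth-session` and `privilege-expiry` are in seconds would let readers interpret 86400 and 600 without scrolling down.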
@ -36,7 +36,7 @@ privilege-expiry: 600
And the second
```
```text
auth-session: 3600
password-minimum-length: 15
privilege-expiry: 3600
@ -46,7 +46,7 @@ As the value of auth-session from the second is smaller we would take that. We w
smallest value of privilege-expiry from the first. We would take the largest value of
password-minimum-length. This leaves:
```
```text
auth-session: 3600
password-minimum-length: 15
privilege-expiry: 600
@ -56,7 +56,7 @@ privilege-expiry: 600
Account Policy is enabled on a group with the command:
```
```shell
kanidm group account-policy enable <group name>
kanidm group account-policy enable my_admin_group
```
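Review bot: Tagging this fence `shell` makes the first line, `kanidm group account-policy enable <group name>`, look like a runnable command, but in a shell the angle brackets are redirection operators and a copy-paste would fail or create a file. Consider keeping the synopsis line outside the fence (or in a `text` fence) and leaving only the `my_admin_group` example under `shell`. The same applies to the other fences retagged as `shell` in this file.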
@ -73,20 +73,20 @@ disclosed sessions as they can only _read_ data, not write it.
To set the maximum authentication session time
```
```shell
kanidm group account-policy auth-expiry <group name> <seconds>
kanidm group account-policy auth-expiry my_admin_group 86400
```
## Setting Minimum Password Length
The password-minimum-length value defines the character length of passwords that are acceptable. There
are no-other tunables for passwords in account policy. Other settings such as complexity, symbols,
numbers and so on, have been proven to not matter in any real world attacks.
The password-minimum-length value defines the character length of passwords that are acceptable.
There are no-other tunables for passwords in account policy. Other settings such as complexity,
symbols, numbers and so on, have been proven to not matter in any real world attacks.
To set this value:
```
```shell
kanidm group account-policy password-minimum-length <group name> <length>
kanidm group account-policy password-minimum-length my_admin_group 12
```
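Review bot: The reflowed paragraph keeps the typo "no-other" (should be "no other") and still states that complexity rules "have been proven to not matter in any real world attacks" without a reference; since the lines are being rewritten anyway, fix the hyphen and either cite a source or soften the claim. Separately, the command in this hunk is `auth-expiry` while the ordering table and the worked examples call the same setting `auth-session`; the docs should use one name or state explicitly that the two refer to the same policy value.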
@ -98,7 +98,7 @@ reauthentication. After this time, the session returns to read-only mode.
To set the maximum privilege time
```
```shell
kanidm group account-policy privilege-expiry <group name> <seconds>
kanidm group account-policy privilege-expiry my_admin_group 900
```