Book: Added small section on primary cred fallback (#3365)

CEbbinghaus 2025-01-21 20:45:06 +11:00 committed by GitHub
parent 10f03e19c0
commit 12532ee32d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -188,6 +188,23 @@ account policy for a group. For example, to set the allowlist for all persons, r
kanidm group account-policy webauthn-attestation-ca-list idm_all_persons trusted-authenticators kanidm group account-policy webauthn-attestation-ca-list idm_all_persons trusted-authenticators
``` ```
### Setting Primary Credential Fallback
The primary credential fallback enables behavior which allows authenticating
using the primary account password when logging in via LDAP.
If both an LDAP and primary password are specified, Kanidm will only accept the LDAP password.
```bash
kanidm group account-policy allow-primary-cred-fallback <group name> <enabled>
```
to disable it for a group you would run:
```bash
kanidm group account-policy allow-primary-cred-fallback <group name> false
```
## Global Settings ## Global Settings
There are a small number of account policy settings that are set globally rather than on a per group There are a small number of account policy settings that are set globally rather than on a per group
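Review bot: the new "Setting Primary Credential Fallback" section never says which values `<enabled>` accepts or what the default is; the only concrete value shown is `false` in the disable example. Please state the accepted values and the default, and show the enabling command next to the disabling one. The sentence "If both an LDAP and primary password are specified, Kanidm will only accept the LDAP password." is ambiguous about whether "specified" means set on the account or supplied at bind time, so reword it to say which. Because this setting allows the primary account password to be used when logging in via LDAP, a sentence on when an administrator should leave it disabled would help readers decide. Minor: "to disable it for a group you would run:" should start with a capital letter.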