mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 12:37:00 +01:00
Fix incorrect documentation elements (#2533)
This adds the account-policy section for credential-type-minimums and fixes the replication config defaults to match the documented behaviour.
This commit is contained in:
Firstyear
GitHub
parent
3549c8562f
commit
a4c2e66afd
|
|
@ -12,8 +12,8 @@ assigned to `idm_admin` by default.
|
||||||
|
|
||||||
## Default Account Policy
|
## Default Account Policy
|
||||||
|
|
||||||
A default Account Policy is applied to `idm_all_accounts`. This provides the defaults that influence
|
A default Account Policy is applied to `idm_all_persons`. This provides the defaults that influence
|
||||||
all accounts in Kanidm. This policy can be modified the same as any other group's policy.
|
all people in Kanidm. This policy can be modified the same as any other group's policy.
|
||||||
|
|
||||||
## Enforced Attributes
|
## Enforced Attributes
|
||||||
|
|
||||||
|
|
@ -21,6 +21,16 @@ all accounts in Kanidm. This policy can be modified the same as any other group'
|
||||||
|
|
||||||
The maximum length in seconds that an authentication session may exist for.
|
The maximum length in seconds that an authentication session may exist for.
|
||||||
|
|
||||||
|
### Credential Type Minimum
|
||||||
|
|
||||||
|
The minimum security strength of credentials that may be assigned to this account. In order from
|
||||||
|
weakest to strongest:
|
||||||
|
|
||||||
|
* `any`
|
||||||
|
* `mfa`
|
||||||
|
* `passkey`
|
||||||
|
* `attested_passkey`
|
||||||
|
|
||||||
### Password Minimum Length
|
### Password Minimum Length
|
||||||
|
|
||||||
The minimum length for passwords (if they are allowed).
|
The minimum length for passwords (if they are allowed).
|
||||||
|
|
@ -46,6 +56,7 @@ parts.
|
||||||
| value | ordering |
|
| value | ordering |
|
||||||
| ---------------------------- | ---------------------------- |
|
| ---------------------------- | ---------------------------- |
|
||||||
| auth-expiry | smallest value |
|
| auth-expiry | smallest value |
|
||||||
|
| credential-type-minimum | largest value |
|
||||||
| password-minimum-length | largest value |
|
| password-minimum-length | largest value |
|
||||||
| privilege-expiry | smallest value |
|
| privilege-expiry | smallest value |
|
||||||
| webauthn-attestation-ca-list | intersection of equal values |
|
| webauthn-attestation-ca-list | intersection of equal values |
|
||||||
|
|
|
||||||
|
|
@ -19,12 +19,14 @@ pub enum RepNodeConfig {
|
||||||
Pull {
|
Pull {
|
||||||
#[serde(with = "x509b64")]
|
#[serde(with = "x509b64")]
|
||||||
supplier_cert: X509,
|
supplier_cert: X509,
|
||||||
|
#[serde(default)]
|
||||||
automatic_refresh: bool,
|
automatic_refresh: bool,
|
||||||
},
|
},
|
||||||
#[serde(rename = "mutual-pull")]
|
#[serde(rename = "mutual-pull")]
|
||||||
MutualPull {
|
MutualPull {
|
||||||
#[serde(with = "x509b64")]
|
#[serde(with = "x509b64")]
|
||||||
partner_cert: X509,
|
partner_cert: X509,
|
||||||
|
#[serde(default)]
|
||||||
automatic_refresh: bool,
|
automatic_refresh: bool,
|
||||||
},
|
},
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue