mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 12:37:00 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix incorrect documentation elements (#2533)

Browse source 
This adds the account-policy section for credential-type-minimums
and fixes the replication config defaults to match the documented
behaviour.
This commit is contained in:
Firstyear 2024-02-16 11:58:41 +10:00 committed by GitHub
parent 3549c8562f
commit a4c2e66afd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
book/src/accounts/policy.md
View file

@ -12,8 +12,8 @@ assigned to `idm_admin` by default.
## Default Account Policy
A default Account Policy is applied to `idm_all_accounts`. This provides the defaults that influence
all accounts in Kanidm. This policy can be modified the same as any other group's policy.
A default Account Policy is applied to `idm_all_persons`. This provides the defaults that influence
all people in Kanidm. This policy can be modified the same as any other group's policy.
## Enforced Attributes
@ -21,6 +21,16 @@ all accounts in Kanidm. This policy can be modified the same as any other group'
The maximum length in seconds that an authentication session may exist for.
### Credential Type Minimum
The minimum security strength of credentials that may be assigned to this account. In order from
weakest to strongest:
* `any`
* `mfa`
* `passkey`
* `attested_passkey`
### Password Minimum Length
The minimum length for passwords (if they are allowed).
@ -46,6 +56,7 @@ parts.
| value | ordering |
| ---------------------------- | ---------------------------- |
| auth-expiry | smallest value |
| credential-type-minimum | largest value |
| password-minimum-length | largest value |
| privilege-expiry | smallest value |
| webauthn-attestation-ca-list | intersection of equal values |

2
server/core/src/repl/config.rs
View file

@ -19,12 +19,14 @@ pub enum RepNodeConfig {
Pull {
#[serde(with = "x509b64")]
supplier_cert: X509,
#[serde(default)]
automatic_refresh: bool,
},
#[serde(rename = "mutual-pull")]
MutualPull {
#[serde(with = "x509b64")]
partner_cert: X509,
#[serde(default)]
automatic_refresh: bool,
},
/*