* implementation of passkeys as an auth mech
* listing the current passkeys when asking to remove one
* tweaking insecure dev server config so passkeys will work
* Fix domain rename
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
Fixes#180 - this adds an oddjobd style tasks daemon to the unix tools. This supports creation of home directories and the maintenance of alias symlinks to these allowing user renames. The tasks daemon is written to require root, but is seperate from the unixd daemon. Communication is via a root-only unix socket that the task daemon connects into to reduce the possibility of exploit.
Fixes#369 due to the changes to call_daemon_blocking
adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password.
Implements #12, TOTP. This adds support for TOTP to the api and server, with server side token generation, authentication and the correct URI for encoding into QR codes for client token addition. Some extra measures have been taken such as in the stepped auth to always notify on the success or failure of the TOTP first (regardless of order) to prevent PW bruteforce attacks.
Implements #129, pam and nsswitch daemon capability. This is stage 1, which adds a localhost unix domain socket resolver, a ssh key client, support to the server for generating unix tokens, an async client lib, and client handles for adding posix extensions to accounts and groups.
This adds support for authentication and credential storage to the server.
It also adds account recovery and options for integration test fixtures, refactors
to make the client library easier to manage, and support clean seperation of the
proto vs lib.
This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are *not* part of this yet.
This also adds a few missing files from a previous commit mistake. Opps!
Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
