kanidm

mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00

Author	SHA1	Message	Date
Firstyear	9c2825b9dc	Improve spans in unixd (#3397 ) Some areas of the code were emitting 0 uuids, rather than associating a client/connection uuid. This improves the startup and client handling code so that we have stable uuids present during operation.	2025-02-05 01:33:30 +00:00
dependabot[bot]	ed76bdbfb1	Bump the all group with 22 updates (#3376 ) * Bump the all group with 22 updates Bumps the all group with 22 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [async-trait](https://github.com/dtolnay/async-trait) \| `0.1.83` \| `0.1.85` \| \| [bitflags](https://github.com/bitflags/bitflags) \| `2.6.0` \| `2.8.0` \| \| [clap](https://github.com/clap-rs/clap) \| `4.5.23` \| `4.5.27` \| \| [clap_complete](https://github.com/clap-rs/clap) \| `4.5.40` \| `4.5.42` \| \| [lodepng](https://github.com/kornelski/lodepng-rust) \| `3.10.7` \| `3.11.0` \| \| [openssl](https://github.com/sfackler/rust-openssl) \| `0.10.68` \| `0.10.69` \| \| [proc-macro2](https://github.com/dtolnay/proc-macro2) \| `1.0.92` \| `1.0.93` \| \| [reqwest](https://github.com/seanmonstar/reqwest) \| `0.12.11` \| `0.12.12` \| \| [rustls](https://github.com/rustls/rustls) \| `0.23.20` \| `0.23.21` \| \| [sd-notify](https://github.com/lnicola/sd-notify) \| `0.4.4` \| `0.4.5` \| \| [serde_json](https://github.com/serde-rs/json) \| `1.0.134` \| `1.0.137` \| \| [syn](https://github.com/dtolnay/syn) \| `2.0.93` \| `2.0.96` \| \| [tempfile](https://github.com/Stebalien/tempfile) \| `3.14.0` \| `3.15.0` \| \| [tokio](https://github.com/tokio-rs/tokio) \| `1.42.0` \| `1.43.0` \| \| [uuid](https://github.com/uuid-rs/uuid) \| `1.11.0` \| `1.12.1` \| \| [oauth2](https://github.com/ramosbugs/oauth2-rs) \| `4.4.2` \| `5.0.0` \| \| [cc](https://github.com/rust-lang/cc-rs) \| `1.2.6` \| `1.2.10` \| \| [axum-extra](https://github.com/tokio-rs/axum) \| `0.9.6` \| `0.10.0` \| \| [axum-macros](https://github.com/tokio-rs/axum) \| `0.4.2` \| `0.5.0` \| \| [fantoccini](https://github.com/jonhoo/fantoccini) \| `0.21.3` \| `0.21.4` \| \| [petgraph](https://github.com/petgraph/petgraph) \| `0.6.5` \| `0.7.1` \| \| [jsonschema](https://github.com/Stranger6667/jsonschema) \| `0.28.0` \| `0.28.3` \| Updates `async-trait` from 0.1.83 to 0.1.85 - [Release notes](https://github.com/dtolnay/async-trait/releases) - [Commits](https://github.com/dtolnay/async-trait/compare/0.1.83...0.1.85) Updates `bitflags` from 2.6.0 to 2.8.0 - [Release notes](https://github.com/bitflags/bitflags/releases) - [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md) - [Commits](https://github.com/bitflags/bitflags/compare/2.6.0...2.8.0) Updates `clap` from 4.5.23 to 4.5.27 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.23...clap_complete-v4.5.27) Updates `clap_complete` from 4.5.40 to 4.5.42 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.40...clap_complete-v4.5.42) Updates `lodepng` from 3.10.7 to 3.11.0 - [Commits](https://github.com/kornelski/lodepng-rust/compare/v3.10.7...v3.11.0) Updates `openssl` from 0.10.68 to 0.10.69 - [Release notes](https://github.com/sfackler/rust-openssl/releases) - [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.69) Updates `proc-macro2` from 1.0.92 to 1.0.93 - [Release notes](https://github.com/dtolnay/proc-macro2/releases) - [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.92...1.0.93) Updates `reqwest` from 0.12.11 to 0.12.12 - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.11...v0.12.12) Updates `rustls` from 0.23.20 to 0.23.21 - [Release notes](https://github.com/rustls/rustls/releases) - [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md) - [Commits](https://github.com/rustls/rustls/compare/v/0.23.20...v/0.23.21) Updates `sd-notify` from 0.4.4 to 0.4.5 - [Changelog](https://github.com/lnicola/sd-notify/blob/master/CHANGELOG.md) - [Commits](https://github.com/lnicola/sd-notify/compare/v0.4.4...v0.4.5) Updates `serde_json` from 1.0.134 to 1.0.137 - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/v1.0.134...v1.0.137) Updates `syn` from 2.0.93 to 2.0.96 - [Release notes](https://github.com/dtolnay/syn/releases) - [Commits](https://github.com/dtolnay/syn/compare/2.0.93...2.0.96) Updates `tempfile` from 3.14.0 to 3.15.0 - [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md) - [Commits](https://github.com/Stebalien/tempfile/compare/v3.14.0...v3.15.0) Updates `tokio` from 1.42.0 to 1.43.0 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.42.0...tokio-1.43.0) Updates `uuid` from 1.11.0 to 1.12.1 - [Release notes](https://github.com/uuid-rs/uuid/releases) - [Commits](https://github.com/uuid-rs/uuid/compare/1.11.0...1.12.1) Updates `oauth2` from 4.4.2 to 5.0.0 - [Release notes](https://github.com/ramosbugs/oauth2-rs/releases) - [Upgrade guide](https://github.com/ramosbugs/oauth2-rs/blob/main/UPGRADE.md) - [Commits](https://github.com/ramosbugs/oauth2-rs/compare/4.4.2...5.0.0) Updates `cc` from 1.2.6 to 1.2.10 - [Release notes](https://github.com/rust-lang/cc-rs/releases) - [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md) - [Commits](https://github.com/rust-lang/cc-rs/compare/cc-v1.2.6...cc-v1.2.10) Updates `axum-extra` from 0.9.6 to 0.10.0 - [Release notes](https://github.com/tokio-rs/axum/releases) - [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.9.6...axum-extra-v0.10.0) Updates `axum-macros` from 0.4.2 to 0.5.0 - [Release notes](https://github.com/tokio-rs/axum/releases) - [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.4.2...axum-macros-v0.5.0) Updates `fantoccini` from 0.21.3 to 0.21.4 - [Commits](https://github.com/jonhoo/fantoccini/compare/v0.21.3...v0.21.4) Updates `petgraph` from 0.6.5 to 0.7.1 - [Changelog](https://github.com/petgraph/petgraph/blob/master/RELEASES.rst) - [Commits](https://github.com/petgraph/petgraph/compare/petgraph@v0.6.5...petgraph@v0.7.1) Updates `jsonschema` from 0.28.0 to 0.28.3 - [Release notes](https://github.com/Stranger6667/jsonschema/releases) - [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md) - [Commits](https://github.com/Stranger6667/jsonschema/compare/rust-v0.28.0...rust-v0.28.3) --- updated-dependencies: - dependency-name: async-trait dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: bitflags dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: clap dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: clap_complete dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: lodepng dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: openssl dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: proc-macro2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: reqwest dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: rustls dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: sd-notify dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: syn dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: tempfile dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: tokio dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: uuid dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: oauth2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: cc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: axum-extra dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: axum-macros dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: fantoccini dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: petgraph dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * ok the otel stuff works now * linting fixes * fix: less parse more from_str, adding a todo * fix: removing a TODO --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>	2025-01-29 13:57:38 +10:00
Firstyear	226274da23	20250102 freebsd client (#3333 ) Support freebsd as a unix client	2025-01-04 09:22:44 +10:00
Jinna Kiisuo	5eb9a4430f	fix: PAM on Debian, enable use_first_pass by default (#3326 ) Since we use Debian's PAM autoconf, pam_unix isn't disabled and remains active. This means pam_unix triggers first and pam_kanidm should use the password it already tried to match to a local user. This change also moves the postinst hook for PAM config correctly to the libpam-kanidm package, since that's the one that delivers the config that needs a reinstall!	2025-01-01 08:40:14 +10:00
Firstyear	c4441c1fca	nss/pam resolver should reauth faster (#3309 ) This can have visible impacts on accounts that don't have a pam password cached yet, but then appear to "stall" for a minute or two until it works due to the fact that the provider was offline and waiting to reauth. When we are still connected but our provider auth session has expired we should reconnect faster. This reduces the timeout for reauthentication for the provider so that it can return to the online state sooner. We also loop when we detect the provider session is no longer authenticated so that we can reauth immediately, rather than causing a noticable interuption.	2024-12-21 07:08:39 +00:00
James Hodgkinson	b6f63f3605	kanidm-unixd example config enfixening (#3314 ) * kanidm-unixd default config via PPA problem with version 2 on debian bookworm Fixes #3312 * fix(coverage): moving to using cargo-tarpaulin * kanidm-unixd default config via PPA problem with version 2 on debian bookworm Fixes #3312	2024-12-21 15:17:12 +10:00
Firstyear	eba8dff23a	Ignore system users for UPG synthesiseation (#3297 ) Our unix resolver would attempt the right thing to synthesise user private groups on linux as these are an important security boundary. However, it turns out that almost every distro has botched their default system user accounts, and many are installed with numeric-only UPGs that don't resolve. In the case that later the user does attempt to fix that, because we synthesised as UPG for the system account, the user trying to add the UPG would now fail. In some cases this could cause system updates to be prevented from installing. This change limits UPG synth to user accounts only (uid > 1000) which is the common uid boundary on unix-like platforms.	2024-12-17 13:08:17 +10:00
James Hodgkinson	516874460b	Canonicalize path for user shell check (#3265 )	2024-12-04 11:55:30 +10:00
Firstyear	8bbdf6bd6a	Clear invalid tokens from unix resolver (#3256 )	2024-11-30 06:32:10 +00:00
Firstyear	db101e6d26	Clippy Lints (#3255 )	2024-11-30 06:13:26 +00:00
Firstyear	52987ab8b2	Display account_id during success/deny paths in unixd (#3253 )	2024-11-30 13:57:01 +10:00
James Hodgkinson	a5adf8bcad	handle missing map_group setting in config (#3242 )	2024-11-29 02:03:48 +00:00
Firstyear	d2f5e13c97	Warn when v2 options are used in v1 unixd config (#3228 ) Options like map_group would fail silently when version=2 wasn't set in our unix config. this detects that case and warns that it is occuring. To prevent this in the future, we deny unknown keys in v2 so that if (when?) we add v3, new keys will cause an error.	2024-11-22 02:02:04 +00:00
Firstyear	ce0ad8f854	Harden transport in pam unixd (#3227 ) In some cases if the transport drops out from underneath unixd, it can be difficult to diagnose and leads to inconsistent errors and output such as prompting for a password multiple times when it can't succeed. This makes it clearer that the transport had an error, and it denies the inflight authsession to prevent spurious password prompts.	2024-11-21 07:43:14 +00:00
Firstyear	c96e9772c7	Resolve pam services not always having a tty (#3176 )	2024-11-05 00:49:33 +00:00
Firstyear	ea1fcf59e5	Resolve incorrect handling of rhost in pam (#3171 )	2024-11-03 00:13:26 +00:00
George Wu	d2c329f330	Change to text input and use numeric mode for TOTP prompts. (#3154 ) * Change to text input and use inputmode numeric for TOTP prompts. * Fix some typos.	2024-10-27 23:57:28 +00:00
Firstyear	2e6d940691	Remove WASM (#3148 ) liberal party took over, more cuts	2024-10-26 17:19:13 +10:00
Firstyear	4c2eeeb135	Update docs, improve locking (#3141 )	2024-10-25 09:42:52 +10:00
Firstyear	c9bf304bc0	Improve handling of inaccesible shadow file (#3122 )	2024-10-19 07:36:27 +00:00
James Hodgkinson	68119e1067	more errors for the people (#3121 )	2024-10-18 23:51:45 +00:00
Firstyear	dc5f40d404	20241017 unixd home (#3113 )	2024-10-18 05:06:33 +00:00
Firstyear	50e513b30b	Add nss testframework and fallback when daemon offline (#3093 )	2024-10-15 04:05:51 +00:00
Jinna Kiisuo	03645c8bf2	Improve deb packaging, add aarch64 (#3083 ) * feat: Rebuild the deb packaging flow fix: Add more sudo, GHA likes sudo fix: Give build_debs.sh only the triplet argument fix: Work around more GHA weirdness in apt sources Drop crossbuild as it was only used by debian packaging docs: Update book and other docs for packaging flow feat: package kanidm_tools aka kanidm cli docs: Update packaging docs for latest process and clarity fix: use full triple in sdynlib variants fix: Correct kanidm.pam asset placement fix: Give pam & nss modules a description so the debs get it fix: Work around wonky libssl3 naming in Ubuntu 24.04 fix: Place kanidm bin correctly :3 feat: Pin all blame on @yaleman :3 WIP: Swap out the submodule reference. Still not the final one though. refactor: Switch kanidm-pam & kanidm-nss to mandatory deps While in theory unixd will start and run without them, it also won't do anything useful. fix: explicit depends for nss & pam libs without versions We build the debs on the ubuntu24.04 GHA runner so automatic pins versions that are too new for 22.04. Ideally we'd run cargo-deb also on the target images but that'll have to be a future improvement. * refactor: Switch nss_kanidm & pam_kanidm package naming closer to debian guidance * feat: Attempt enabling unixd by default with secure defaults * fix: Relax config permissions so the kanidm user can read Also, update postinst config instructions	2024-10-15 02:27:48 +00:00
Firstyear	20b2d40215	Add support for group extension (#3081 )	2024-10-03 06:33:56 +00:00
Firstyear	131ff80b32	20240921 ssh keys and unix password in credential update session (#3056 )	2024-10-03 05:57:18 +00:00
CEbbinghaus	d109622d71	Make good on some TechDebt (#3084 ) adds MissingClass & MissingAttribute OperationError kinds to more strongly type our error messages.	2024-10-03 10:48:28 +10:00
Firstyear	cf63c6b98b	Complete the implementation of the posix account cache (#3041 ) Allow caching and checking of shadow entries (passwords) Cache and serve system id's improve some security warnings prepare for multi-resolver Allow the kanidm provider to be not configured Allow group extension	2024-10-02 02:12:13 +00:00
Adam C. Stephens	1161da69ef	generate completions for elvish and fish (#3015 )	2024-09-03 23:50:59 +00:00
James Hodgkinson	3eae7be0bb	OAuth2 Token Type (#3008 ) * fix(OAuth2): Invalid `token_type` for token introspection Fixes #3005 * fix(aut): `assert_eq` instead of `assert ==` * fix(OAuth2): IANA registry access token types * fix(OAuth2): deserialize case insensitively	2024-08-25 23:30:20 +00:00
James Hodgkinson	7c3deab2c4	enforcen den clippen (#2990 ) * enforcen den clippen * updating outdated oauth2-related docs * sorry clippy, we tried	2024-08-21 00:32:56 +00:00
Firstyear	b1099dfa3b	Foundations of pam/nss multi resolver This starts the support for multi-resolver operation as well as a system level nss resolver. In future we'll add the remaining support to auth system users with pam too.	2024-08-15 23:54:35 +00:00
Firstyear	d19bd99c0d	Prevent bug in pam (#2960 ) * Prevent bug in pam * Pointer tidy	2024-08-09 20:12:34 +10:00
James Hodgkinson	2a7a009482	clippying all the things (#2931 ) * clippying all the things	2024-07-26 07:02:37 +00:00
Firstyear	7bbb193cdf	20240725 allow connection to older servers (#2930 ) Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>	2024-07-25 16:11:14 +10:00
Firstyear	0836118443	20240716 check mkdir (#2906 )	2024-07-17 01:11:11 +00:00
Firstyear	faef3d0a4b	Fix issues with suspend reported by himmelblau (#2911 )	2024-07-17 10:33:04 +10:00
Anton Loukianov	028e7c1694	Implement home_mount_path logic (#2894 )	2024-07-16 00:34:11 +00:00
James Hodgkinson	eddec88429	making the internals of kanidmclientconfig public for other users (#2895 ) * making the internals of kanidmclientconfig public for other users * clippyisms	2024-07-15 10:28:23 +00:00
Firstyear	0ce333ff5a	Allow providers to be box dyn (#2794 ) * Allow providers to be box dyn in kanidm_unixd * Massive refactor	2024-06-16 22:21:25 +00:00
Joshua M. Clulow	e591b5f2cc	illumos support (#2838 ) * disable mimalloc on illumos, in part because it immediately segfaults, but also because we prefer libumem and link it into all Rust binaries * switch from fs2 (unmaintained crate) to fs4 which provides the same interface and has wider platform support	2024-06-15 05:20:11 +00:00
Firstyear	9c4e8bb90a	20240611 performance (#2836 ) While basking under the shade of the coolabah tree, I was overcome by an intense desire to improve the performance and memory usage of Kanidm. This pr reduces a major source of repeated small clones, lowers default log level in testing, removes some trace fields that are both large and probably shouldn't be traced, and also changes some lto settings for release builds.	2024-06-12 16:48:49 -07:00
dependabot[bot]	a3f66225de	Bump the all group with 7 updates (#2811 ) * Bump the all group with 7 updates Bumps the all group with 7 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [kanidm-hsm-crypto](https://github.com/kanidm/hsm-crypto) \| `0.1.6` \| `0.2.0` \| \| [base64](https://github.com/marshallpierce/rust-base64) \| `0.21.7` \| `0.22.1` \| \| [lru](https://github.com/jeromefroe/lru-rs) \| `0.8.1` \| `0.12.3` \| \| [proc-macro2](https://github.com/dtolnay/proc-macro2) \| `1.0.84` \| `1.0.85` \| \| [tokio](https://github.com/tokio-rs/tokio) \| `1.37.0` \| `1.38.0` \| \| [axum-auth](https://github.com/owez/axum-auth) \| `0.4.1` \| `0.7.0` \| \| [jsonschema](https://github.com/Stranger6667/jsonschema-rs) \| `0.17.1` \| `0.18.0` \| Updates `kanidm-hsm-crypto` from 0.1.6 to 0.2.0 - [Commits](https://github.com/kanidm/hsm-crypto/commits) Updates `base64` from 0.21.7 to 0.22.1 - [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md) - [Commits](https://github.com/marshallpierce/rust-base64/compare/v0.21.7...v0.22.1) Updates `lru` from 0.8.1 to 0.12.3 - [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md) - [Commits](https://github.com/jeromefroe/lru-rs/compare/0.8.1...0.12.3) Updates `proc-macro2` from 1.0.84 to 1.0.85 - [Release notes](https://github.com/dtolnay/proc-macro2/releases) - [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.84...1.0.85) Updates `tokio` from 1.37.0 to 1.38.0 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.37.0...tokio-1.38.0) Updates `axum-auth` from 0.4.1 to 0.7.0 - [Commits](https://github.com/owez/axum-auth/commits) Updates `jsonschema` from 0.17.1 to 0.18.0 - [Release notes](https://github.com/Stranger6667/jsonschema-rs/releases) - [Changelog](https://github.com/Stranger6667/jsonschema-rs/blob/master/CHANGELOG.md) - [Commits](https://github.com/Stranger6667/jsonschema-rs/compare/rust-v0.17.1...rust-v0.18.0) --- updated-dependencies: - dependency-name: kanidm-hsm-crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: base64 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: lru dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: proc-macro2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: tokio dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: axum-auth dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * updating for kanidm-hsm change --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>	2024-06-08 11:25:09 +00:00
James Hodgkinson	1d0a606e69	WIP: serialization and domain info setting wonkiness (#2791 )	2024-05-28 11:49:30 +10:00
Firstyear	1e4f6e85ca	Revive Cookies. (#2788 ) * Revive Cookies. * change from tikv-jemalloc to mimalloc.	2024-05-23 00:45:42 +00:00
David Mulder	ac9a90abf3	Fix PIN and MFA Code pam prompts (#2759 ) These are currently awkward on the command line because the ': ' is missing. Signed-off-by: David Mulder <dmulder@samba.org>	2024-05-15 16:21:38 +00:00
James Hodgkinson	7964f55d59	strip out some debug messages unless really debugging. (#2767 ) * kanidm cli logs on debug level - Fixes #2745 * such clippy like wow * It's important for a wordsmith to know when to get its fixes in. * updootin' wasms	2024-05-14 14:56:55 +10:00
James Hodgkinson	f86c2c4f8c	updating text to fix typo, add more info (#2761 )	2024-05-14 01:49:54 +00:00
David Mulder	bec8c9058c	Windows Hello Authentication requirements (#2688 ) * Add keystore to unix_user_online_auth_init Himmelblau needs this to check whether the device is enrolled in the domain (via the presence of TPM keys), to know whether to attempt Windows Hello PIN auth, or to enroll first in the domain. Signed-off-by: David Mulder <dmulder@samba.org> * Implement PIN setup After enrolling in a domain, Himmelblau will prompt the user to choose a pin, which will be the auth value for an associated Windows Hello TPM key. We loop here until the values match. Otherwise no validation is performed. Validation can be done by the id provider, and can send an additional request to PAM if the PIN is invalid. Signed-off-by: David Mulder <dmulder@samba.org> * Add Pin authentication After setting up a Windows Hello pin, users can authentication using this pin. Signed-off-by: David Mulder <dmulder@samba.org>	2024-04-05 08:50:37 +10:00
Firstyear	c09daa4643	kanidm unixd mfa capabilities (#2672 ) Improve the support for the resolver to support MFA options with pam. This enables async task spawning and cancelation via the resolver backend as well. Co-authored-by: David Mulder <dmulder@samba.org>	2024-03-28 01:17:21 +00:00

1 2 3

129 commits