Comments

• 

  about 4 years ago by mvidner | Reply

  TIL: IDM = IDentity Management services

×
Edit Comment 4292
# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

* Use asterisks
* for lists

This is an [example link](http://example.com/)

This is an ![example image](http://paste.opensuse.org/view/raw/68957446)

This is a user link @hans

This is a project link hw#some-cool-title
More Complex Markdown Help
Formatting Help
• Edit
• Preview
TIL: IDM = IDentity Management services
 
×
Reply to mvidner
TIL: IDM = IDentity Management services
---
# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

* Use asterisks
* for lists

This is an [example link](http://example.com/)

This is an ![example image](http://paste.opensuse.org/view/raw/68957446)

This is a user link @hans

This is a project link hw#some-cool-title
More Complex Markdown Help
Formatting Help
• Edit
• Preview
 
• 

  about 4 years ago by firstyear | Reply

  It's now the end of the hackweek, so I think it's worth giving an update on what was achieved.

  Two (very large) PR's were created, at +2,457 -35 and +1,675 -143. This covered a lot of needed functionality, testing and more.

  • Server side generation of unix account and group tokens (blobs of data that represent everything needed for auth/identity to be resolved).
  • Addition of client tools to manage posix extensions to accounts and groups.
  • The creation of a client localhost resolver daemon - think unbound or sssd.
  • Clients that can speak to the localhost daemon via unix domain sockets.
  • A client that gets ssh authorized keys in the format needed for openssh authorized keys command.
  • A nss library that can get uid/gid/name information from the localhost daemon.
  • Client tools to invalidate and clear the localhost daemon cache
  • An end-to-end integration test suite that can test online/offline caching behaviours
  • Handling of many edge cases such as account updates, cache invalidation, deleting groups, etc.

  So this puts us in a great spot for next completing the pam module, and getting this all packaged into https://build.opensuse.org/package/show/home:firstyear:kanidm/kanidm in the coming weeks.

  As a small demo of the success:

  id testunix uid=3524161420(testunix) gid=3524161420(testunix) groups=3524161420(testunix),2439676479(testgroup) getent passwd testunix testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/bash getent group testgroup testgroup:x:2439676479:testunix

  This is on opensuse tumbleweed with libnss_kanidm.so.2, and the git master with the PR's applied.

×
Edit Comment 4654
# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

* Use asterisks
* for lists

This is an [example link](http://example.com/)

This is an ![example image](http://paste.opensuse.org/view/raw/68957446)

This is a user link @hans

This is a project link hw#some-cool-title
More Complex Markdown Help
Formatting Help
• Edit
• Preview
It's now the end of the hackweek, so I think it's worth giving an update on what was achieved. Two (very large) PR's were created, at +2,457 -35 and +1,675 -143. This covered a lot of needed functionality, testing and more. * Server side generation of unix account and group tokens (blobs of data that represent everything needed for auth/identity to be resolved). * Addition of client tools to manage posix extensions to accounts and groups. * The creation of a client localhost resolver daemon - think unbound or sssd. * Clients that can speak to the localhost daemon via unix domain sockets. * A client that gets ssh authorized keys in the format needed for openssh authorized keys command. * A nss library that can get uid/gid/name information from the localhost daemon. * Client tools to invalidate and clear the localhost daemon cache * An end-to-end integration test suite that can test online/offline caching behaviours * Handling of many edge cases such as account updates, cache invalidation, deleting groups, etc. So this puts us in a great spot for next completing the pam module, and getting this all packaged into https://build.opensuse.org/package/show/home:firstyear:kanidm/kanidm in the coming weeks. As a small demo of the success: > id testunix uid=3524161420(testunix) gid=3524161420(testunix) groups=3524161420(testunix),2439676479(testgroup) > getent passwd testunix testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/bash > getent group testgroup testgroup:x:2439676479:testunix This is on opensuse tumbleweed with libnss_kanidm.so.2, and the git master with the PR's applied.
 
×
Reply to firstyear
It's now the end of the hackweek, so I think it's worth giving an update on what was achieved.
Two (very large) PR's were created, at +2,457 -35 and +1,675 -143. This covered a lot of needed functionality, testing and more.
• Server side generation of unix account and group tokens (blobs of data that represent everything needed for auth/identity to be resolved).
• Addition of client tools to manage posix extensions to accounts and groups.
• The creation of a client localhost resolver daemon - think unbound or sssd.
• Clients that can speak to the localhost daemon via unix domain sockets.
• A client that gets ssh authorized keys in the format needed for openssh authorized keys command.
• A nss library that can get uid/gid/name information from the localhost daemon.
• Client tools to invalidate and clear the localhost daemon cache
• An end-to-end integration test suite that can test online/offline caching behaviours
• Handling of many edge cases such as account updates, cache invalidation, deleting groups, etc.
So this puts us in a great spot for next completing the pam module, and getting this all packaged into https://build.opensuse.org/package/show/home:firstyear:kanidm/kanidm in the coming weeks.
As a small demo of the success:
id testunix uid=3524161420(testunix) gid=3524161420(testunix) groups=3524161420(testunix),2439676479(testgroup) getent passwd testunix testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/bash getent group testgroup testgroup:x:2439676479:testunix
This is on opensuse tumbleweed with libnss_kanidm.so.2, and the git master with the PR's applied.
---
# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

* Use asterisks
* for lists

This is an [example link](http://example.com/)

This is an ![example image](http://paste.opensuse.org/view/raw/68957446)

This is a user link @hans

This is a project link hw#some-cool-title
More Complex Markdown Help
Formatting Help
• Edit
• Preview
 
• 

  about 4 years ago by firstyear | Reply

  These are the related PR's

  https://github.com/kanidm/kanidm/commit/d063d358ad958598777e27d8cb619936d736cf95

  https://github.com/kanidm/kanidm/pull/185

×
Edit Comment 4656
# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

* Use asterisks
* for lists

This is an [example link](http://example.com/)

This is an ![example image](http://paste.opensuse.org/view/raw/68957446)

This is a user link @hans

This is a project link hw#some-cool-title
More Complex Markdown Help
Formatting Help
• Edit
• Preview
These are the related PR's https://github.com/kanidm/kanidm/commit/d063d358ad958598777e27d8cb619936d736cf95 https://github.com/kanidm/kanidm/pull/185
 
×
Reply to firstyear
These are the related PR's
https://github.com/kanidm/kanidm/commit/d063d358ad958598777e27d8cb619936d736cf95
https://github.com/kanidm/kanidm/pull/185
---
# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

* Use asterisks
* for lists

This is an [example link](http://example.com/)

This is an ![example image](http://paste.opensuse.org/view/raw/68957446)

This is a user link @hans

This is a project link hw#some-cool-title
More Complex Markdown Help
Formatting Help
• Edit
• Preview