This hackweek I'll be working on Kanidm, an IDM system written in Rust for modern systems authentication. The GitHub repo has a detailed "getting started" in the README.
Specifically, I'll be looking at writing (or at least starting on) PAM/nsswitch clients this hackweek.
For anyone who wants to participate, some good places to start:
- The Kanidm Book
- Allow password migration from other sources
- Extend default testing of "assumptions"
- Develop stress testing tools
I'm happy to help and mentor, so please get in touch!
This project is part of:
Hack Week 19
Comments
-
about 4 years ago by firstyear | Reply
It's now the end of the hackweek, so I think it's worth giving an update on what was achieved.
Two (very large) PRs were created, at +2,457 -35 and +1,675 -143. This covered a lot of needed functionality, testing and more.
- Server side generation of unix account and group tokens (blobs of data that represent everything needed for auth/identity to be resolved).
- Addition of client tools to manage posix extensions to accounts and groups.
- The creation of a client localhost resolver daemon - think unbound or sssd.
- Clients that can speak to the localhost daemon via unix domain sockets.
- A client that gets SSH authorized keys in the format needed for the OpenSSH authorized keys command.
- An NSS library that can get uid/gid/name information from the localhost daemon.
- Client tools to invalidate and clear the localhost daemon cache.
- An end-to-end integration test suite that can test online/offline caching behaviours.
- Handling of many edge cases such as account updates, cache invalidation, deleting groups, etc.
So this puts us in a great spot to next complete the PAM module, and to get this all packaged into https://build.opensuse.org/package/show/home:firstyear:kanidm/kanidm in the coming weeks.
As a small demo of the success:
    id testunix
    uid=3524161420(testunix) gid=3524161420(testunix) groups=3524161420(testunix),2439676479(testgroup)
    getent passwd testunix
    testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/bash
    getent group testgroup
    testgroup:x:2439676479:testunix

This is on openSUSE Tumbleweed with libnss_kanidm.so.2, and the git master with the PRs applied.
-
about 4 years ago by firstyear | Reply
These are the related PRs
https://github.com/kanidm/kanidm/commit/d063d358ad958598777e27d8cb619936d736cf95