SUSE Hack Week: Kanidm - Account Policy

Project Description

Kanidm is a identity management system (a store of accounts, groups and more) that supports authentication to opensuse, web sites, networks, and more. The project has a focus on respect of humans, correctness, simplicity and performance. In previous hackweeks we have implemented cryptographic authentication (webauthn), wasm based web UI, replication foundations and more.

People of all skills levels and backgrounds are encouraged to join this project - we'd love to mentor, support and help you be a contributor!

Goal for this Hackweek

William's goal is to implement account policy - allowing administrators to control and define what fido keys can be used, password quality restrictions, session lengths and more.

However you may have your own ideas on what you want to contribute - there are many ways to improve Kanidm!

Resources

Join this project Leave this project

Looking for hackers with the skills:

identity idm ldap authentication rust

This project is part of:

Hack Week 23

Activity

about 2 years ago: toe liked this project.

about 2 years ago: itorres liked this project.

about 2 years ago: uncomfyhalomacro liked this project.

about 2 years ago: firstyear added keyword "identity" to this project.

about 2 years ago: firstyear added keyword "idm" to this project.

about 2 years ago: firstyear added keyword "ldap" to this project.

about 2 years ago: firstyear added keyword "authentication" to this project.

about 2 years ago: firstyear added keyword "rust" to this project.

about 2 years ago: firstyear started this project.

about 2 years ago: firstyear originated this project.

Comments

Be the first to comment!

Similar Projects

rust

Mail client with mailing list workflow support in Rust by acervesato

Description

To create a mail user interface using Rust programming language, supporting mailing list patches workflow. I know, aerc is already there, but I would like to create something simpler, without integrated protocols. Just a plain user interface that is using some crates to read and create emails which are fetched and sent via external tools.

I already know Rust, but not the async support, which is needed in this case in order to handle events inside the mail folder and to send notifications.

Goals

simple user interface in the style of aerc, with some vim keybindings for motions and search
automatic run of external tools (like mbsync) for checking emails
automatic run commands for notifications
apply patch set from ML
tree-sitter support with styles

Resources

ratatui: user interface (https://ratatui.rs/)
notify: folder watcher (https://docs.rs/notify/latest/notify/)
mail-parser: parser for emails (https://crates.io/crates/mail-parser)
mail-builder: create emails in proper format (https://docs.rs/mail-builder/latest/mail_builder/)
gitpatch: ML support (https://crates.io/crates/gitpatch)
tree-sitter-rust: support for mail format (https://crates.io/crates/tree-sitter)

Build a terminal user-interface (TUI) for Agama by IGonzalezSosa

Description

Officially, Agama offers two different user interfaces. On the one hand, we have the web-based interface, which is the one you see when you run the installation media. On the other hand, we have a command-line interface. In both cases, you can use them using a remote system, either using a browser or the agama CLI.

We would expect most of the cases to be covered by this approach. However, if you cannot use the web-based interface and, for some reason, you cannot access the system through the network, your only option is to use the CLI. This interface offers a mechanism to modify Agama's configuration using an editor (vim, by default), but perhaps you might want to have a more user-friendly way.

Goals

The main goal of this project is to built a minimal terminal user-interface for Agama. This interface will allow the user to install the system providing just a few settings (selecting a product, a storage device and a user password). Then it should report the installation progress.

Resources

https://agama-project.github.io/
https://ratatui.rs/

Conclusions

We have summarized our conclusions in a pull request. It includes screenshots ;-) We did not implement all the features we wanted, but we learn a lot during the process. We know that, if needed, we could write a TUI for Agama and we have an idea about how to build it. Good enough.

Learn how to use the Relm4 Rust GUI crate by xiaoguang_wang

Relm4 is based on gtk4-rs and compatible with libadwaita. The gtk4-rs crate provides all the tools necessary to develop applications. Building on this foundation, Relm4 makes developing more idiomatic, simpler, and faster.

https://github.com/Relm4/Relm4

RMT.rs: High-Performance Registration Path for RMT using Rust by gbasso

Description

The SUSE Repository Mirroring Tool (RMT) is a critical component for managing software updates and subscriptions, especially for our Public Cloud Team (PCT). In a cloud environment, hundreds or even thousands of new SUSE instances (VPS/EC2) can be provisioned simultaneously. Each new instance attempts to register against an RMT server, creating a "thundering herd" scenario.

We have observed that the current RMT server, written in Ruby, faces performance issues under this high-concurrency registration load. This can lead to request overhead, slow registration times, and outright registration failures, delaying the readiness of new cloud instances.

This Hackweek project aims to explore a solution by re-implementing the performance-critical registration path in Rust. The goal is to leverage Rust's high performance, memory safety, and first-class concurrency handling to create an alternative registration endpoint that is fast, reliable, and can gracefully manage massive, simultaneous request spikes.

The new Rust module will be integrated into the existing RMT Ruby application, allowing us to directly compare the performance of both implementations.

Goals

The primary objective is to build and benchmark a high-performance Rust-based alternative for the RMT server registration endpoint.

Key goals for the week:

Analyze & Identify: Dive into the SUSE/rmt Ruby codebase to identify and map out the exact critical path for server registration (e.g., controllers, services, database interactions).
Develop in Rust: Implement a functionally equivalent version of this registration logic in Rust.
Integrate: Explore and implement a method for Ruby/Rust integration to "hot-wire" the new Rust module into the RMT application. This may involve using FFI, or libraries like rb-sys or magnus.
Benchmark: Create a benchmarking script (e.g., using k6, ab, or a custom tool) that simulates the high-concurrency registration load from thousands of clients.
Compare & Present: Conduct a comparative performance analysis (requests per second, latency, success/error rates, CPU/memory usage) between the original Ruby path and the new Rust path. The deliverable will be this data and a summary of the findings.

Resources

RMT Source Code (Ruby):
- https://github.com/SUSE/rmt
RMT Documentation:
- https://documentation.suse.com/sles/15-SP7/html/SLES-all/book-rmt.html
Tooling & Stacks:
- RMT/Ruby development environment (for running the base RMT)
- Rust development environment (rustup, cargo)
Potential Integration Libraries:
- rb-sys: https://github.com/oxidize-rb/rb-sys
- Magnus: https://github.com/matsadler/magnus
Benchmarking Tools:
- k6 (https://k6.io/)
- ab (ApacheBench)

Looking at Rust if it could be an interesting programming language by jsmeix

Get some basic understanding of Rust security related features from a general point of view.

This Hack Week project is not to learn Rust to become a Rust programmer. This might happen later but it is not the goal of this Hack Week project.

The goal of this Hack Week project is to evaluate if Rust could be an interesting programming language.

An interesting programming language must make it easier to write code that is correct and stays correct when over time others maintain and enhance it than the opposite.