This hackweek I'll be working on Kanidm, an IDM system written in Rust for modern systems authentication. The GitHub repo has a detailed "getting started" in the README.

Kanidm GitHub

Specifically, I'll be looking at writing (or starting on) PAM/nsswitch clients this hackweek.

PAM nsswitch client issue

For anyone who wants to participate, some good places to start:

I'm happy to help and mentor, so please get in touch!

Looking for hackers with the skills:

authentication security kanidm ldap radius databases rust

This project is part of:

Hack Week 19

Activity

  • over 2 years ago: firstyear started this project.
  • over 2 years ago: firstyear originated this project.

  • Comments

    • mvidner
      over 2 years ago

      TIL: IDM = IDentity Management services

    • firstyear
      over 2 years ago

      It's now the end of the hackweek, so I think it's worth giving an update on what was achieved.

      Two (very large) PRs were created, at +2,457 -35 and +1,675 -143. This covered a lot of needed functionality, testing and more.

      • Server side generation of unix account and group tokens (blobs of data that represent everything needed for auth/identity to be resolved).
      • Addition of client tools to manage posix extensions to accounts and groups.
      • The creation of a client localhost resolver daemon - think unbound or sssd.
      • Clients that can speak to the localhost daemon via unix domain sockets.
      • A client that gets SSH authorized keys in the format needed for the OpenSSH authorized keys command.
      • An NSS library that can get uid/gid/name information from the localhost daemon.
      • Client tools to invalidate and clear the localhost daemon cache
      • An end-to-end integration test suite that can test online/offline caching behaviours
      • Handling of many edge cases such as account updates, cache invalidation, deleting groups, etc.

      So this puts us in a great spot for completing the PAM module next, and getting this all packaged into https://build.opensuse.org/package/show/home:firstyear:kanidm/kanidm in the coming weeks.

      As a small demo of the success:

          id testunix
          uid=3524161420(testunix) gid=3524161420(testunix) groups=3524161420(testunix),2439676479(testgroup)
          getent passwd testunix
          testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/bash
          getent group testgroup
          testgroup:x:2439676479:testunix

      This is on openSUSE Tumbleweed with libnss_kanidm.so.2, and the git master with the PRs applied.
