This hackweek I'll be working on Kanidm, an IDM system written in Rust for modern systems authentication. The github repo has a detailed "getting started" on the readme.
Specifically I'll be looking at writing Pam/nsswitch clients (or starting on) this hackweek.
For anyone who wants to participate, some good places to start:
- The Kanidm Book
- Allow password migration from other sources
- Extend default testing of "assumptions"
- Develop stress testing tools
I'm happy to help and mentor, so please get in touch!
This project is part of:
Hack Week 19
Activity
Comments
-
over 4 years ago by firstyear | Reply
It's now the end of the hackweek, so I think it's worth giving an update on what was achieved.
Two (very large) PR's were created, at +2,457 -35 and +1,675 -143. This covered a lot of needed functionality, testing and more.
- Server side generation of unix account and group tokens (blobs of data that represent everything needed for auth/identity to be resolved).
- Addition of client tools to manage posix extensions to accounts and groups.
- The creation of a client localhost resolver daemon - think unbound or sssd.
- Clients that can speak to the localhost daemon via unix domain sockets.
- A client that gets ssh authorized keys in the format needed for openssh authorized keys command.
- A nss library that can get uid/gid/name information from the localhost daemon.
- Client tools to invalidate and clear the localhost daemon cache
- An end-to-end integration test suite that can test online/offline caching behaviours
- Handling of many edge cases such as account updates, cache invalidation, deleting groups, etc.
So this puts us in a great spot for next completing the pam module, and getting this all packaged into https://build.opensuse.org/package/show/home:firstyear:kanidm/kanidm in the coming weeks.
As a small demo of the success:
id testunix uid=3524161420(testunix) gid=3524161420(testunix) groups=3524161420(testunix),2439676479(testgroup) getent passwd testunix testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/bash getent group testgroup testgroup:x:2439676479:testunix
This is on opensuse tumbleweed with libnss_kanidm.so.2, and the git master with the PR's applied.
Similar Projects
Kanidm: A safe and modern IDM system by firstyear
Kanidm is an IDM system written in Rust for mod...
Kanidm: A safe and modern IDM system by firstyear
Kanidm is an IDM system written in Rust for mod...
Kanidm: A safe and modern IDM system by firstyear
Kanidm is an IDM system written in Rust for mod...
Kanidm: A safe and modern IDM system by firstyear
Kanidm is an IDM system written in Rust for mod...