This hackweek I'll be working on Kanidm, an IDM system written in Rust for modern systems authentication. The GitHub repo has a detailed "getting started" in the README.

Kanidm Github

Specifically, I'll be looking at writing (or starting on) PAM/nsswitch clients this hackweek.

Pam nsswitch client issue

For anyone who wants to participate, some good places to start:

I'm happy to help and mentor, so please get in touch!

Looking for hackers with the skills:

authentication security kanidm ldap radius databases rust

This project is part of:

Hack Week 19

Activity

  • about 3 years ago: firstyear started this project.
  • about 3 years ago: firstyear originated this project.

  • Comments

    • mvidner
      almost 3 years ago by mvidner | Reply

      TIL: IDM = IDentity Management services

    • firstyear
      almost 3 years ago by firstyear | Reply

      It's now the end of the hackweek, so I think it's worth giving an update on what was achieved.

      Two (very large) PRs were created, at +2,457 -35 and +1,675 -143. This covered a lot of needed functionality, testing and more.

      • Server side generation of unix account and group tokens (blobs of data that represent everything needed for auth/identity to be resolved).
      • Addition of client tools to manage posix extensions to accounts and groups.
      • The creation of a client localhost resolver daemon - think unbound or sssd.
      • Clients that can speak to the localhost daemon via unix domain sockets.
      • A client that gets ssh authorized keys in the format needed for the OpenSSH authorized keys command.
      • An NSS library that can get uid/gid/name information from the localhost daemon.
      • Client tools to invalidate and clear the localhost daemon cache.
      • An end-to-end integration test suite that can test online/offline caching behaviours.
      • Handling of many edge cases such as account updates, cache invalidation, deleting groups, etc.

      So this puts us in a great spot for completing the PAM module next, and getting this all packaged into https://build.opensuse.org/package/show/home:firstyear:kanidm/kanidm in the coming weeks.

      As a small demo of the success:

          id testunix
          uid=3524161420(testunix) gid=3524161420(testunix) groups=3524161420(testunix),2439676479(testgroup)
          getent passwd testunix
          testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/bash
          getent group testgroup
          testgroup:x:2439676479:testunix

      This is on openSUSE Tumbleweed with libnss_kanidm.so.2, and the git master with the PRs applied.
