This hackweek I'll be working on Kanidm, an IDM system written in Rust for modern systems authentication. The GitHub repo has a detailed "getting started" in the README.

Kanidm Github

Specifically, I'll be looking at writing (or starting on) PAM/nsswitch clients this hackweek.

Pam nsswitch client issue

For anyone who wants to participate, some good places to start:

I'm happy to help and mentor, so please get in touch!

Looking for hackers with the skills:

authentication security kanidm ldap radius databases rust

This project is part of:

Hack Week 19

Activity

  • over 1 year ago: firstyear started this project.

    Comments

    • mvidner
      over 1 year ago by mvidner

      TIL: IDM = IDentity Management services

    • firstyear
      over 1 year ago by firstyear

      It's now the end of the hackweek, so I think it's worth giving an update on what was achieved.

      Two (very large) PRs were created, at +2,457 -35 and +1,675 -143. This covered a lot of needed functionality, testing and more.

      • Server side generation of unix account and group tokens (blobs of data that represent everything needed for auth/identity to be resolved).
      • Addition of client tools to manage posix extensions to accounts and groups.
      • The creation of a client localhost resolver daemon - think unbound or sssd.
      • Clients that can speak to the localhost daemon via unix domain sockets.
      • A client that gets SSH authorized keys in the format needed for the OpenSSH authorized keys command.
      • An NSS library that can get uid/gid/name information from the localhost daemon.
      • Client tools to invalidate and clear the localhost daemon cache.
      • An end-to-end integration test suite that can test online/offline caching behaviours.
      • Handling of many edge cases such as account updates, cache invalidation, deleting groups, etc.

      So this puts us in a great spot for completing the PAM module next, and getting this all packaged into https://build.opensuse.org/package/show/home:firstyear:kanidm/kanidm in the coming weeks.

      As a small demo of the success:

      id testunix
      uid=3524161420(testunix) gid=3524161420(testunix) groups=3524161420(testunix),2439676479(testgroup)
      getent passwd testunix
      testunix:x:3524161420:3524161420:testunix:/home/testunix:/bin/bash
      getent group testgroup
      testgroup:x:2439676479:testunix

      This is on openSUSE Tumbleweed with libnss_kanidm.so.2, and the git master with the PRs applied.

    • firstyear
      over 1 year ago by firstyear

      These are the related PRs:

      https://github.com/kanidm/kanidm/commit/d063d358ad958598777e27d8cb619936d736cf95

      https://github.com/kanidm/kanidm/pull/185
