Firstyear
Firstyear
Currently we only have get/list for the cli which limits capabilities in larger environments. Our cli should support "search" of these terms. May depend on #2315
After we have https://github.com/kanidm/kanidm/issues/2493 we can then start to progress all cryptographic operations to the HSM in some way so that we can protect private key and operation state with...
It's common that applications (like email, imap etc), need passwords and can't supply 2fa. Allow generation of passwords for these services, and allow them to have constrained rights related to...
Profiling of Kanidm on smaller systems such as raspberry pi or a slower x86_64 system will likely highlight low hanging optimisation opportunies for us. This can use tools from https://nnethercote.github.io/perf-book/profiling.html
Now that we have attested passkeys, there is one other possible type of stricter authentication level for enterprise users - smartcards. This uses mTLS with x509 certificates that are backed...
Today account policy is only enforced in credential update sessions. This is great to ensure that any change meets requirements, but it also means that accounts not meeting policy are...
We need to change these to have a supported cbor library.
It was recently discussed in discord that some users wish to sync data from LLDAP into Kanidm. For Kanidm to import this data a number of things are needed: *...
We should be able to attest SSH keys to ensure that they are hardware backed. This ties into #1122
It would be useful for statistics from each operation to be collected and then submitted. This could include things like number of transactions, the types of operations, how they nest,...