oddlama

Sounds great! But I have to say that I can't say right now when I will have time to look at this

The yubikey is only used to re-encrypt the secrets for the target hosts. You posted output of the agenix service at runtime on your target host. This will never use...

Is there any update to this? My mail server (stalwart) requires this field to return valid information since I am serving multiple domains.

Also if we don't need protocollib anymore, can you do a quick find-in-all-files in the codebase to see if there are any mentions left? I think it would be good...

Not sure what's the best way to handle these, currently assert internal consistency which obviously results in the rejection of unknown groups. But i do see the value of using...

I tried to reproduce today but unfortunately I didn't manage to get any connection refusals :/ I'm not entirely sure why this is happening, is there maybe something in your...

> That being said: It seems like there ought to be a way to make some assumptions about a simple workflow that has a single yubikey connected with one or...

> For instance, the current documentation says you can drop in one of about 4 different kinds of identity, but doesn't specify how to acquire any of them. When using...

On a related note: You cannot represent int64 min in nix as a literal. My guess is that the parser only parses the positive part and then negates the result...

Thank you, this looks great. Btw have you seen https://github.com/oddlama/kanidm-provision/issues/10 ? I think your approach may be even simpler than what I proposed there. @AleXoundOS would this PR solve your...