James Hodgkinson
James Hodgkinson
Thinking about it from a "how this is processed" perspective turns it into a bit of a challenge though because it's a filter based on: - the requesting identity (let's...
marking as a bug because the system should *totally* block that IMO
> BTW, where can I find previous versions of Debian packages? The PPA only seems to include the latest version. I'd like to do a quick bisect to identify which...
There's a `kanidm.pam` file included: https://github.com/kanidm/kanidm/blob/master/unix_integration/pam_kanidm/debian/kanidm.pam#L1
I'm guessing it's these lines: ``` Session-Type: Additional Session: optional pam_kanidm.so Password-Type: Additional Password: optional pam_kanidm.so ```
🤷🏻 I have no idea how its tooling works so someone smart with debian+PAM will have to work it out.
Why not just look at the logs for this kind of troubleshooting? Exposing this kind of information is against best practice.
Depends on #3014
I think at the very most the proxy-layer approach would be the best middle ground; adding a bunch of API endpoints and user flows to Kanidm, for a system that...
It'd be good to map out the requirements, for sure, because it's WAY too little detail to understand what's actually required so far.