James Hodgkinson
James Hodgkinson
From a CLI -> credential perspective, maybe a slightly more hierarchical tree like this? ``` $ kanidm self ├ credential | ├ totp | | ├ generate_backup_codes │ | ├...
I'd probably move "trusted devices" up a layer in the tree, since while they are *technically* credentials if you squint, I'm not sure that's as ergonomic. And the children of...
I'd assume that non-technical folks will likely be using the Web-UI for provisioning, and CLI-lovers will be able to parse the incremental complexity of "self" vs other tasks? It's an...
I can confirm that `kanidm` (the CLI) builds on Windows - and is automated https://github.com/kanidm/kanidm/actions/workflows/windows_build.yml
Once #903 is merged, kanidmd's also working 😄
Nice! Thanks for testing!
Looks like it? #905 has been opened to implement the missing file permission checks, there's a few requests in the original issue description that I have no clue about though...
Yep, it's coming from the `insecure_generate_tls.sh` script I'd just worked on - and that's what the `curl` check was for 😄 ``` ➜ openssl verify -verbose -CAfile /tmp/kanidm/ca.pem /tmp/kanidm/cert.pem /tmp/kanidm/cert.pem:...
Looks like it is 😭 This works: ``` ➜ openssl s_client -connect localhost:8443 -CAfile /tmp/kanidm/ca.pem CONNECTED(00000005) depth=1 C = AU, ST = Queensland, L = Brisbane, O = INSECURE, CN...
This is still blocked by the lack of ability to implement it at a server level - https://github.com/http-rs/tide/issues/448 The best mitigation is a reverse proxy in front of the instance...