Skip to content
/ kanidm Public
forked from kanidm/kanidm

Kanidm: A simple, secure and fast identity management platform

License

MPL-2.0 license
0 stars 172 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

privatevoid-net/kanidm

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

726 Commits
.github
.github
 
 
artwork
artwork
 
 
designs
designs
 
 
ethics
ethics
 
 
examples
examples
 
 
kanidm_book
kanidm_book
 
 
kanidm_client
kanidm_client
 
 
kanidm_proto
kanidm_proto
 
 
kanidm_rlm_python
kanidm_rlm_python
 
 
kanidm_tools
kanidm_tools
 
 
kanidm_unix_int
kanidm_unix_int
 
 
kanidmd
kanidmd
 
 
kanidmd_web_ui
kanidmd_web_ui
 
 
orca
orca
 
 
platform
platform
 
 
profiles
profiles
 
 
project_docs
project_docs
 
 
pykanidm
pykanidm
 
 
sketching
sketching
 
 
.clippy.toml
.clippy.toml
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
CHECKLIST.md
CHECKLIST.md
 
 
CODEOWNERS
CODEOWNERS
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTORS.md
CONTRIBUTORS.md
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
DEVELOPER_README.md
DEVELOPER_README.md
 
 
FAQ.md
FAQ.md
 
 
LICENSE.md
LICENSE.md
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
RELEASE_NOTES.md
RELEASE_NOTES.md
 
 
SECURITY.md
SECURITY.md
 
 
VERSION
VERSION
 
 
build_all_the_docs.sh
build_all_the_docs.sh
 
 
check_dependabot.sh
check_dependabot.sh
 
 
insecure_generate_tls.ps1
insecure_generate_tls.ps1
 
 
insecure_generate_tls.sh
insecure_generate_tls.sh
 
 
install.yml
install.yml
 
 

Repository files navigation

Kanidm

Kanidm is an identity management platform written in rust. Our goals are:

  • Modern identity management platform
  • Simple to deploy and integrate with
  • Extensible for various needs
  • Correct and secure behaviour by default

Today the project is still under heavy development to achieve these goals - We have many foundational parts in place, and many of the required security features, but it is still an Alpha, and should be treated as such.

Documentation / Getting Started / Install

If you want to deploy Kanidm to see what it can do, you should read the kanidm book.

We also publish limited support guidelines.

Code of Conduct / Ethics

See our code of conduct

See our documentation on rights and ethics

Getting in Contact / Questions

We have a gitter community channel where we can talk. Firstyear is also happy to answer questions via email, which can be found on their github profile.

Developer Getting Started

If you want to develop on the server, there is a getting started guide for developers. IDM is a diverse topic and we encourage contributions of many kinds in the project, from people of all backgrounds.

Features

Implemented

  • SSH key distribution for servers
  • PAM/nsswitch clients (with limited offline auth)
  • MFA - TOTP
  • Highly concurrent design (MVCC, COW)
  • RADIUS integration
  • MFA - Webauthn

Currently Working On

  • CLI for administration
  • WebUI for self-service with wifi enrollment, claim management and more.
  • RBAC/Claims/Policy (limited by time and credential scope)
  • OIDC/Oauth

Upcoming Focus Areas

  • Replication (async multiple active write servers, read-only servers)

Future

  • SSH CA management
  • Sudo rule distribution via nsswitch
  • WebUI for administration
  • Account impersonation
  • Synchronisation to other IDM services

Some key project ideas

  • All people should be respected and able to be represented securely.
  • Devices represent users and their identities - they are part of the authentication.
  • Human error occurs - we should be designed to minimise human mistakes and empower people.
  • The system should be easy to understand and reason about for users and admins.

Features We Want to Avoid

  • Auditing: This is better solved by SIEM software, so we should generate data they can consume.
  • Fully synchronous behaviour: This prevents scaling and our future ability to expand.
  • Generic database: We don't want to be another NoSQL database, we want to be an IDM solution.
  • Being like LDAP/GSSAPI/Kerberos: These are all legacy protocols that are hard to use and confine our thinking - we should avoid "being like them" or using them as models.

What does Kanidm mean?

The original project name was rsidm while it was a thought experiment. Now that it's growing and developing, we gave it a better project name. Kani is Japanese for "crab". Rust's mascot is a crab. IDM is the common industry term for identity management services.

About

Kanidm: A simple, secure and fast identity management platform

Resources

Readme

License

MPL-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Rust 95.9%
  • Python 1.7%
  • JavaScript 1.1%
  • Shell 0.6%
  • Makefile 0.3%
  • Dockerfile 0.2%
  • Other 0.2%