Firstyear

@jinnatar So part of the issue here is that when you reset the value, we aren't actually "hardcoding" a value, there is an *inherited* default. That's so that in the...

Actually as soon as I typed it, I think the timestamp in the credential is still correct. Because then we can use the time stamp based on what credential was...

> Actually as soon as I typed it, I think the timestamp in the credential is still correct. Because then we can use the time stamp based on what credential...

Actually I'm overthinking, as a read on credentials is only *METADATA* not anything security sensitive. So that's okay. So then it's just the unix vs primary we have to think...

And not just that we really should return the pwdChangedTime of the credential that was used to *bind* to the server, so that may add some complexity. Sorry for comment...

HTTP Basic Auth does *not* URL escape usernames. https://www.rfc-editor.org/rfc/rfc7617#section-2 Further, basic auth is sent in a header, not in the URL. Again, it does not need escaping. This represents a...

I wonder if this would be vulnerable to a denial of service? Say that I have a site `https //naughty.server.com` and then I do a related origin request/condition create or...

I can't reproduce this - I deleted home/william and the uuid folder multiple times and logged out and in, and each time it recreated the folder properly. You'll need to...

> [@Firstyear](https://github.com/Firstyear) I think this might be covered by [#3807](https://github.com/kanidm/kanidm/pull/3807) ? Already in 1.7.3

Your unixd log shows that there was no call to "pam_session" so you likely are missing `session required pam_kanidm.so` in your config.