Firstyear
Firstyear
> Would an onboarding attribute templating be sufficient to also cover policy enforcement when an accounts validity is just extended? I don't quite understand what you mean by this? My...
See #3536 - tl;dr is "no" because an email service is a collection of different services, each with a unique intent. Anyway, there is more detail over there. But has...
We already do this with the hsm-pin in unixd, so I think just having a file path is the way to go - we can do this as part of...
Hi there, Yes, we are considering it, but we want to do it correctly and securely. Simply put, today that isn't possible. Today for system access we have password for...
No problem, we will get to it as I said, but we want to do it right :)
> Chiming in because multi-factor unix authentication is one of the last bumps in the road before kanidm can be our all-in-one idm solution. You already have MFA - SSH...
Technically - yes. Should we? Maybe not? The issue is when a file is changing, which file do we trigger the reload on? The chain or the key? There is...
We already do the check in the reload @yaleman so we don't need that. The issue is that while a process or the user is replacing due to inotify events,...
Period read has it's own issues. I think inotify makes more sense here. We would probably want a debounce so that after the files change, we wait a minute or...
I don't mind this tbh. I can see why this would be useful for a lot of homelab users and private accounts, where you really do have a single machine...