Package Details: kanidm-server 1.4.2-2

Git Clone URL: https://aur.archlinux.org/kanidm.git (read-only)
Package Base: kanidm
Description: kanidm server for identity management, supports RADIUS, ssh key management.
Upstream URL: https://github.com/kanidm/kanidm
Keywords: authentication iam identity identity-management idm ldap oidc radius rust scim security ssh-authentication webauthn
Licenses: MPL-2.0
Conflicts: kanidm-server-git
Provides: kanidm-server
Submitter: soloturn
Maintainer: soloturn (cubi, fossdd, Doridian)
Last Packager: Doridian
Votes: 5
Popularity: 1.69
First Submitted: 2021-04-02 14:45 (UTC)
Last Updated: 2024-11-16 18:18 (UTC)

Latest Comments


Doridian commented on 2024-11-16 20:14 (UTC) (edited on 2024-11-16 20:15 (UTC) by Doridian)

On some Linux distributions, there is a group called shadow. This group is the group of /etc/shadow, which on those systems is chmod 640.

This is, I think, mainly to permit unix_chkpwd to verify passwords without being setuid-root (and instead being setgid-shadow). On Arch, unix_chkpwd is setuid+setgid-root and /etc/shadow is chmod 600 and owned by user+group root.

Why Arch chose to use setuid-root instead of setgid-shadow, I do not know.

soloturn commented on 2024-11-16 20:05 (UTC)

where does shadow come from and what is it for here? resp - why it is different on arch than on others?

Doridian commented on 2024-11-16 18:19 (UTC)

For now I have pushed a new release with a patch to remove shadow from the service definition so people upgrading don't have a chance to break their system.

I'll read through that GitHub issue, thanks.

soloturn commented on 2024-11-16 09:15 (UTC) (edited on 2024-11-16 09:16 (UTC) by soloturn)

doridian, with pleasure. added you as co-maintainer. there is a recent discussion on kanidm github how to build the package so the build does not break so often: https://github.com/kanidm/kanidm/issues/2751.

Doridian commented on 2024-11-15 23:27 (UTC) (edited on 2024-11-16 00:55 (UTC) by Doridian)

Just installed this package and noticed an issue: /usr/lib/systemd/system/kanidm-unixd.service refers to shadow in SupplementaryGroups. Arch (at least on any of my systems) does not have a group called shadow, causing kanidm-unixd to fail to start (well, causing systemd to fail to start it, rather).

Likely just a simple patch to remove the group from the service file? For now I did a groupadd shadow to bypass the startup failure, and everything else seems to be just fine.
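
The startup failure described in the comment above can be caught before a unit is enabled. The following is an added example, not part of the original comment or of the package: a POSIX shell function (the name missing_unit_groups is hypothetical) that lists groups named in a unit's Group= or SupplementaryGroups= lines that have no entry in a group database. The sample unit and group file are constructed for the demonstration.

```shell
#!/bin/sh
# Report groups named in Group= / SupplementaryGroups= of a systemd unit
# that are absent from a group database in /etc/group format.
# Assumptions: numeric GIDs are skipped; drop-in overrides and the
# empty "SupplementaryGroups=" reset are not modelled.
missing_unit_groups() {
    unit=$1 groupdb=$2
    awk -F: '
        NR == FNR { known[$1] = 1; next }      # first file: group names
        /^[ \t]*(SupplementaryGroups|Group)[ \t]*=/ {
            line = $0
            sub(/^[^=]*=[ \t]*/, "", line)     # keep only the value
            n = split(line, names, /[ \t]+/)   # value is space-separated
            for (i = 1; i <= n; i++) {
                g = names[i]
                if (g == "" || g ~ /^[0-9]+$/) continue
                if (!(g in known) && !(g in seen)) { seen[g] = 1; print g }
            }
        }
    ' "$groupdb" "$unit"
}

# Constructed sample input: not the packaged unit file, not a real /etc/group.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/sample.service" <<'EOF'
[Service]
ExecStart=/usr/bin/true
SupplementaryGroups=wheel shadow
EOF
    cat > "$tmp/group" <<'EOF'
root:x:0:
wheel:x:998:
EOF
    missing_unit_groups "$tmp/sample.service" "$tmp/group"
    rm -rf "$tmp"
}

demo   # prints: shadow
```

On a live system the same function can be pointed at /usr/lib/systemd/system/kanidm-unixd.service and /etc/group; groups supplied only through other NSS sources will not appear in /etc/group and would be reported as missing.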

Doridian commented on 2024-11-15 20:37 (UTC) (edited on 2024-11-15 23:21 (UTC) by Doridian)

Hey, is any help needed maintaining this package? I'd love to help if that's the case.

I noticed recently 1.4.x released 2 weeks ago and the 1.3.3 version currently released also seems to no longer build for me on current Arch.

For now I have created my own copy of this repo on GitHub with a working 1.4.2 build: https://github.com/Doridian/kanidm-aur/commit/a6e17e49649360fd12eff2e1e2ab5072fbd0859e (they forgot to update their lockfile hence the .patch being needed for specifically 1.4.2 to make --locked work)

//EDIT: Updated git hash as I realized I initially broke the server package build due to WebUI updates, fixed and tested that it works this time!

//EDIT2: Just noticed it was updated. Thanks :)

soloturn commented on 2024-07-19 22:25 (UTC) (edited on 2024-07-19 22:37 (UTC) by soloturn)

fossdd, added you as co-maintainer, and updated to kanidm-1.2.3.

fossdd commented on 2024-06-06 10:15 (UTC)

hey, i'd like to co-maintain this package as I also maintain the Alpine Linux port of kanidm. I'd upgrade kanidm to 1.2.3 as this would ig. also fix the current build issue.

yaleman commented on 2024-05-06 22:02 (UTC)

Hey folks, this package is failing to build because you're building everything - (ref https://github.com/kanidm/kanidm/issues/2751) can I suggest you build the specific binaries instead of the dev things like Orca?