------------------------------------------------------------------- Wed Feb 01 03:34:08 UTC 2023 - william.brown@suse.com - Update to version 1.1.0~alpha11~git0.d3a2a6b: * Release 1.1.0-alpha.11 (#1354) * 20230128 protected to access (#1349) * 20230125 pre rel cleanup (#1348) * 20230125 pre rel cleanup (#1347) * Allow multiple backends to run in parallel for repl tests (#1346) * 20230121 access improvement (#1345) * Fix debian build path (#1331) * Windows-related build fixes (#1344) * chore(deps): bump gloo-net from 0.2.5 to 0.2.6 (#1338) * chore(deps-dev): bump mkdocstrings from 0.19.1 to 0.20.0 in /pykanidm (#1334) * making the robots easier and happier (#1343) * chore(deps): bump tokio from 1.24.1 to 1.24.2 (#1340) * chore(deps): bump toml from 0.5.10 to 0.5.11 (#1337) * chore(deps): bump proc-macro2 from 1.0.49 to 1.0.50 (#1332) * chore(deps): bump reqwest from 0.11.13 to 0.11.14 (#1333) * chore(deps): bump async-trait from 0.1.61 to 0.1.62 (#1335) * 2023 orca improve (#1342) * Adding healthcheck functionality to kanidmd (#1330) * less lint more bark, ruff ruff (#1341) * 1121 SCIM import totp freeipa (#1328) * 1121 multiple totp (#1325) * chore(deps-dev): bump pylint from 2.15.9 to 2.15.10 in /pykanidm (#1324) * chore(deps-dev): bump mkdocs-material from 9.0.3 to 9.0.5 in /pykanidm (#1322) * chore(deps-dev): bump coverage from 7.0.4 to 7.0.5 in /pykanidm (#1323) * chore(deps-dev): bump pytest from 7.2.0 to 7.2.1 in /pykanidm (#1318) * chore(deps): bump regex from 1.7.0 to 1.7.1 (#1316) * chore(deps): bump ldap3_client from `2c9dc31` to `b3c7653` (#1320) * chore(deps-dev): bump pook from 1.0.2 to 1.1.1 in /pykanidm (#1319) * chore(deps): bump dialoguer from 0.10.2 to 0.10.3 (#1317) * Fix ldap vattr search (#1315) * Spell checking and stuff (#1314) * Bump coverage from 7.0.1 to 7.0.4 in /pykanidm (#1311) * Bump mkdocstrings-python from 0.8.2 to 0.8.3 in /pykanidm (#1313) * Bump async-trait from 0.1.60 to 0.1.61 (#1310) * Bump mkdocs-material from 8.5.11 to 9.0.3 in /pykanidm (#1312) * Update yew to 0.20 (#1308) * Bump tokio from 1.23.0 to 1.24.1 (#1309) * Cleanup references to sqlite, add a FAQ section (#1307) * Bump serde from 1.0.151 to 1.0.152 (#1303) * Bump whoami from 1.2.3 to 1.3.0 (#1304) * Bump pydantic from 1.10.2 to 1.10.4 in /pykanidm (#1305) * Fix the book again (#1302) * 20221224 cleanup (#1300) * Bump scim_proto from `cb147c8` to `b5a392f` (#1294) * Bump openssl from 0.10.44 to 0.10.45 (#1295) * Bump openssl-sys from 0.9.79 to 0.9.80 (#1296) * docs: reformat book and introduce workflow to ensure it stays formatted (#1286) * Bump libc from 0.2.138 to 0.2.139 (#1292) * Bump ldap3_proto from `5149451` to `2c9dc31` (#1297) * Bump coverage from 6.5.0 to 7.0.1 in /pykanidm (#1298) * feat(kanidmd): add ldap support for mail primary and alternative address (#1287) * chore(make): co-locate .PHONY declaration and target (#1291) * Can’t build designs private documentation (#1289) * 20221221 sync deploy (#1285) * Bump serde from 1.0.150 to 1.0.151 (#1276) * 20221219 sync polish (#1284) * Bump async-trait from 0.1.59 to 0.1.60 (#1278) * Bump toml from 0.5.9 to 0.5.10 (#1280) * Bump dyn-clone from 1.0.9 to 1.0.10 (#1282) * Bump serde_json from 1.0.89 to 1.0.91 (#1275) * Bump mkdocstrings from 0.19.0 to 0.19.1 in /pykanidm (#1277) * feat(oauth2): add support for a 'groups' claim (#1272) * Bump paste from 1.0.9 to 1.0.11 (#1279) * Bump syn from 1.0.105 to 1.0.107 (#1283) * Bump quote from 1.0.21 to 1.0.23 (#1281) * Bump pylint from 2.15.8 to 2.15.9 in /pykanidm (#1274) * Bump proc-macro2 from 1.0.47 to 1.0.49 (#1273) * 20221216 a little cleanup as a treat (#1266) * fix(make): improve help output and solve warnings (#1269) * fix: set executable flag for shell scripts (#1268) * chore: add jceb to list of contributors (#1267) * docs: correct LDAP DN for token authentication (#1263) * docs: correct command for generating a password (#1261) * docs: replace kanidm account with kanidm person (#1262) * docs: unify representation of dn=token (#1264) * docs: fix link to oauth2 documentation (#1260) * 20221123 iam migration work (#1258) * fix(oauth2): use the short name in the userinfo (#1259) * Bump serde from 1.0.148 to 1.0.150 (#1257) * Bump authlib from 1.1.0 to 1.2.0 in /pykanidm (#1255) * Bump pytest-asyncio from 0.20.2 to 0.20.3 in /pykanidm (#1254) * Bump openssl from 0.10.43 to 0.10.44 (#1251) * Bump certifi from 2022.9.24 to 2022.12.7 in /pykanidm (#1247) * Bump tokio from 1.22.0 to 1.23.0 (#1249) * Bump pylint from 2.15.7 to 2.15.8 in /pykanidm (#1253) * Bump black from 22.10.0 to 22.12.0 in /pykanidm (#1256) * Bump filetime from 0.2.18 to 0.2.19 (#1248) * Bump libc from 0.2.137 to 0.2.138 (#1243) * Bump serde from 1.0.147 to 1.0.148 (#1242) * Bump gloo-net from 0.2.4 to 0.2.5 (#1244) * Bump syn from 1.0.103 to 1.0.105 (#1240) * Bump async-trait from 0.1.58 to 0.1.59 (#1239) * Bump pylint from 2.15.6 to 2.15.7 in /pykanidm (#1246) * Bump mkdocs-material from 8.5.10 to 8.5.11 in /pykanidm (#1245) * Improve ldap sections (#1218) * Bump openssl from 0.10.42 to 0.10.43 (#1235) * Bump serde_json from 1.0.88 to 1.0.89 (#1238) * Bump bytes from 1.2.1 to 1.3.0 (#1236) * Bump jetli/wasm-pack-action from 0.3.0 to 0.4.0 (#1231) * Bump rpassword from 7.1.0 to 7.2.0 (#1233) * Add new mail read group (#1224) * fixing up automation (#1230) * Add signal trapping for a variety of signals (#1223) * docs tweaks, renaming integrations (#1228) * Add ability to bind with token with a dn=token marker (#1225) * 20221121 debug webui (#1217) * Cargo updates (#1219) * Bump reqwest from 0.11.12 to 0.11.13 (#1210) * Abstract webauthn authenticator access, and use Windows API on Windows (#1203) * 20221116 oauth2 app portal 2 (#1201) * Bump pylint from 2.15.5 to 2.15.6 in /pykanidm (#1216) * Bump serde_json from 1.0.87 to 1.0.88 (#1212) * Bump tokio from 1.21.2 to 1.22.0 (#1213) * Bump mkdocstrings-python from 0.8.0 to 0.8.2 in /pykanidm (#1215) * Bump mypy from 0.990 to 0.991 in /pykanidm (#1214) * 20221116 oauth2 app portal (#1200) * Bump pytest-asyncio from 0.20.1 to 0.20.2 in /pykanidm (#1194) * 1116 UI hints (#1199) * Reword security keys (#1196) * Bump mkdocs-material from 8.5.8 to 8.5.10 in /pykanidm (#1193) * remove pam tester (#1197) * Bump mkdocstrings-python from 0.7.1 to 0.8.0 in /pykanidm (#1195) * Bump types-toml from 0.10.8 to 0.10.8.1 in /pykanidm (#1192) * Bump mypy from 0.982 to 0.990 in /pykanidm (#1191) * Bump chrono from 0.4.22 to 0.4.23 (#1188) * Bump actions/dependency-review-action from 2 to 3 (#1187) * Bump base64urlsafedata from 0.1.1 to 0.1.2 (#1190) * Workflow tweaks (#1186) * 1116 UI hint (#1185) * 613 oauth2 logout (#1184) * started working on fixing a log issue and chased some clippy lints (#1182) * 20221103 ipa import driver (#1180) * Review oauth2 best practices document (#1181) * Add tools container support (#1178) * improve webauthn errors (#1179) * Add version header and warnings (#1175) * Bump mkdocs-material from 8.5.7 to 8.5.8 in /pykanidm (#1173) * Bump mkdocs from 1.4.1 to 1.4.2 in /pykanidm (#1174) * Bump regex from 1.6.0 to 1.7.0 (#1172) * Improve handling of openssl3 in md4 tests (#1171) * Add /etc/skel templating and notes adjacent to kanidm-unixd and packaging (#1113) * Further test improvements (#1166) * Setup for next dev cycle (#1165) ------------------------------------------------------------------- Wed Nov 09 21:48:25 UTC 2022 - william.brown@suse.com - Update to version 1.1.0~alpha10~git2.4a03ca5: * Add tools container support (#1178) * Improve handling of openssl3 in md4 tests (#1171) ------------------------------------------------------------------- Tue Nov 1 04:31:58 UTC 2022 - William Brown - Update to kanidm 1.1.0-alpha.10 * Management and tracking of authenticated sessions * Make upgrade migrations more robust when upgrading over multiple versions * Add support for service account tokens via ldap for extended read permissions * Unix password management in web ui for posix accounts * Support internal dynamic group entries * Allow selection of name/spn in oidc claims * Admin UI wireframes and basic elements * TLS enforced as a requirement for all servers * Support API service account tokens * Make name rules stricter due to issues found in production * Improve Oauth2 PKCE testing * Add support for new password import hashes * Allow configuration of trusting x forward for headers * Components for account permission elevation modes * Make pam\_unix more robust in high latency environments * Add proc macros for test cases * Improve authentication requests with cookie/token seperation * Cleanup of expired authentication sessions * Improved administration of password badlists ------------------------------------------------------------------- Fri Sep 09 02:33:47 UTC 2022 - william.brown@suse.com - Update to version 1.1.0~alpha9~git6.b20d5312: * Resolve upgrade in place error with cbor to json (#1028) ------------------------------------------------------------------- Fri Aug 26 06:03:26 UTC 2022 - william.brown@suse.com - Update to version 1.1.0~alpha9~git5.98546259: * Remove dependency on git webauthn authentication versions ------------------------------------------------------------------- Fri Aug 26 04:28:35 UTC 2022 - william.brown@suse.com - Update to version 1.1.0~alpha9~git4.33b4e11b: * Resolve issue with migration application order (#986) ------------------------------------------------------------------- Tue Aug 02 04:58:28 UTC 2022 - william.brown@suse.com - Update to version 1.1.0~alpha9~git2.ebab6c5f: * Fix cargo.lock + Docker * Fixing the Github Actions Kanidmd build (#963) * (cargo-release) version 1.1.0-alpha.9 (#962) * Improve radius to support eap-tls with ca-dir (#957) * A pile of Wasm UI tweaks (#958) * Bump types-requests from 2.28.3 to 2.28.6 in /kanidm_rlm_python (#960) * Update validator requirement from ^0.15.0 to ^0.16.0 (#959) * Bump types-requests from 2.28.3 to 2.28.6 in /pykanidm (#961) * 383 164 authentication updates 9 (#956) * Update libsqlite3-sys requirement from 0.24.2 to 0.25.0 in /kanidm_unix_int (#929) ------------------------------------------------------------------- Sun May 01 05:33:09 UTC 2022 - william.brown@suse.com - Update to version 1.1.0~alpha8~git1.980f358d: * Push some missed bits to documents * (cargo-release) version 1.1.0-alpha.8 * 20220501 fix logging (#730) * ref #725 - updated comment to note it's still failing (#727) * Remove async references (#724) * 383 170 164 authentication updates 3 (#723) * Making the login path nicer, dev scripting (#721) * Tweak docs generation... (#722) * Docs updates to push all tagged versions + dev (#720) * 20220427 dependency updates (#718) ------------------------------------------------------------------- Tue Apr 5 05:35:55 UTC 2022 - William Brown - Automatic update of vendored dependencies ------------------------------------------------------------------- Mon Mar 14 06:58:28 UTC 2022 - william.brown@suse.com - Update to resolve bsc#1196972 CVE-2022-24713 - Regex DOS ------------------------------------------------------------------- Fri Jan 07 00:59:36 UTC 2022 - wbrown@suse.de - resolve bsc#1194119 (CVE-2021-45710) ------------------------------------------------------------------- Fri Dec 31 00:11:55 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha7~git0.c8468199: * (cargo-release) version 1.1.0-alpha.7 * Pre-release update and cleanup (#631) * Improve autofocus to oauth2 (#630) * Finalise email changes for oidc (#629) * Temp use env filter (#628) * 20211216 tracing cleanup (#627) * Art attribution * Refactor of value and addition of base types for business attributes (#626) * Add xmas logo * Add rinstall file (#625) ------------------------------------------------------------------- Fri Oct 01 02:10:02 UTC 2021 - wbrown@suse.de - bsc#1191031 - use _pam_moduledir in spec macros - Update to version 1.1.0~alpha6~git0.c9f4b1d: * (cargo-release) version 1.1.0-alpha.6 * Added an interactive cli dialog to kanidm login (#584) * Add support for storing security token key in domain config (#581) * Remove auditscope for tracing (#580) * Entry Arc Tracking to reduce memory footprint (#579) * Rewrite how we store the internals of valuesets in entries (#578) * Improving logging and docs around unixd/PAM/NSS (#577) * Swap to tide-openssl (#575) * Start to remove audit scope :) (#574) * Fix io capture in tests (#573) ------------------------------------------------------------------- Wed Jul 07 02:36:51 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha5~git0.4be329e: * (cargo-release) version 1.1.0-alpha.5 * Release prep * Fix totp registration workflow with broken authenticators (#516) * Add statistical analysis to indexes (#505) * 511 upgrade failure - add debuging tools and improve debugging of the issue. (#512) * fixes #503 - TOTP prompt no longer drops a newline (#515) * Fixing kanidm windows client build (#507) * Add the ability to configure and provide Oauth2 authentication for Kanidm. (#485) * Change default totp to sha256 (#504) * Fixes #494 - password change user-facing responses (#499) * Fix readonly check (#496) * Update webauthn-authenticator-rs to fix test failures (#493) * Update repo locations and versions in prep for release (#492) * Add workaround for podman subid issue (#491) * 163 account recovery code (#469) * check user shell (#392) (#490) * Removed `OperationResponse` (#489) * Set default shell to `bin/sh` (#488) * 20210607 orca ldap (#470) * `kanidm_client` bool/return values (#479) * Arc cachesize warning fixes (#483) * Closure Refactoring (#482) * Renamed fields in `dbvalue` (#477) * 471 add service files (#474) * fixes #478 - adds note about web ui already being packaged (#480) * unixd will now bail if startup tests fail (#476) * Add email syntax (#465) * Add some openid stubs (#464) * Add auth docs (#463) * 64 120 session claims (#462) * Add ldap vattr mapping (#459) * Fix for unixd issue (#460) * 414 clear stale credentials (#447) * Fix multivalue setting of description attribute (#457) * 445 update pam nsswitch md (#451) * simpler ip logging (#454) * I might have become clippy this time (#449) * Calming clippy's nerves, Friday edition (#448) * 444 - client's config URI missing and more file open handling (#446) * Fix proxy usage in tests (#443) * This allows TOTP to accept an OTP that is one step behind AKA the previous TOTP (#442) * oauth design (#441) * Adding an example config file (#440) * adding env vars, making clippy happier, cleaning up some error messages (#438) * 20210509 cleanup clippy and audit name (#437) * 277 radius pw not accept for main pw (#435) * Orca - a load testing framework for Kanidm (#431) * Add verification of name indexes (#433) * Add ability to pick a server role (#432) * Adding a new verb group remove_members (#434) * 397 Caching password badlist (#425) * User feedback improvements, also handling a permissions issue (#424) * Fix concat issue * Update contributors * Making clippy happy (#420) * Fix 421 - clearer debug messages when doing things (#422) * 62 idm qs cleanup (#419) * Rough working login page (#417) * Make clippy happy (#415) * More debug messages (#413) * merging upstream (#411) * Improve error message when socket not found (#412) * Idlset2, query cache, acp resolve cache (#409) * Add lto thin (#410) * fixing broken action (#405) * Basic documentation for monitoring (#404) * Create design for mfa_backup_code.rst (#402) * phrasing (#401) * Docs update (#400) - Remove un-needed source files: * kanidm-unixd-tasks.service * kanidm-unixd.service * kanidmd.service * server.toml ------------------------------------------------------------------- Thu Jun 24 02:54:31 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha4~git54.675146e: * check user shell (#392) (#490) * Removed `OperationResponse` (#489) * Set default shell to `bin/sh` (#488) * 20210607 orca ldap (#470) * `kanidm_client` bool/return values (#479) * Arc cachesize warning fixes (#483) * Closure Refactoring (#482) ------------------------------------------------------------------- Wed Jun 16 02:38:11 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha4~git47.5e83b68: * Renamed fields in `dbvalue` (#477) * 471 add service files (#474) * fixes #478 - adds note about web ui already being packaged (#480) * unixd will now bail if startup tests fail (#476) * Add email syntax (#465) * Add some openid stubs (#464) * Add auth docs (#463) * 64 120 session claims (#462) * Add ldap vattr mapping (#459) ------------------------------------------------------------------- Thu May 27 11:18:43 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha4~git38.d978c9d: * Fix for unixd issue (#460) ------------------------------------------------------------------- Wed May 26 06:12:04 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha4~git37.e8b1089: * 414 clear stale credentials (#447) * Fix multivalue setting of description attribute (#457) * 445 update pam nsswitch md (#451) * simpler ip logging (#454) * I might have become clippy this time (#449) * Calming clippy's nerves, Friday edition (#448) * 444 - client's config URI missing and more file open handling (#446) * Fix proxy usage in tests (#443) * This allows TOTP to accept an OTP that is one step behind AKA the previous TOTP (#442) * oauth design (#441) * Adding an example config file (#440) * adding env vars, making clippy happier, cleaning up some error messages (#438) * 20210509 cleanup clippy and audit name (#437) * 277 radius pw not accept for main pw (#435) * Orca - a load testing framework for Kanidm (#431) * Add verification of name indexes (#433) * Add ability to pick a server role (#432) * Adding a new verb group remove_members (#434) * 397 Caching password badlist (#425) * User feedback improvements, also handling a permissions issue (#424) * Fix concat issue * Update contributors * Making clippy happy (#420) * Fix 421 - clearer debug messages when doing things (#422) * 62 idm qs cleanup (#419) * Rough working login page (#417) * Make clippy happy (#415) * More debug messages (#413) * merging upstream (#411) * Improve error message when socket not found (#412) * Idlset2, query cache, acp resolve cache (#409) * Add lto thin (#410) * fixing broken action (#405) * Basic documentation for monitoring (#404) * Create design for mfa_backup_code.rst (#402) * phrasing (#401) * Docs update (#400) ------------------------------------------------------------------- Thu Apr 01 01:11:04 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha4~git0.0ac5da8: * Performance Improvements * TOTP CLI enrollment * Jemalloc in main server instead of system allocator * Command line completion * TLS file handling improvements * Webauthn authentication and enrollment on CLI * Add db vacuum task * Unix tasks daemon that automatically creates home directories * Support for sk-ecdsa public ssh keys * Badlist checked at login to determine account compromise * Minor Fixes for attribute display ------------------------------------------------------------------- Mon Dec 28 00:15:25 UTC 2020 - wbrown@suse.de - Update to version v1.1.0alpha.3~git0.b34c893: * (cargo-release) version 1.1.0-alpha.3 * release notes * Update Dependencies * Unixd - NXCache of unknown items (#338) * WIP - Improve Auth Proto to Support Webauthn (#333) * Follow up on ci fixes * Add port verification to start server in kanidm_client tests * Update CI base image to ubuntu 20.04 * Add libudev to ci * 13 135 webauthn support (#332) * Change root user check to warning due to container run times (#328) * Fixes #324 account softlocking and rate limiting (#326) * Add passpoint link * Update tumbleweed docs * Account valid-from and expiry (#322) ------------------------------------------------------------------- Thu Oct 01 00:19:19 UTC 2020 - wbrown@suse.de - Update to version v1.1.0alpha.2~git0.764e727: * Update * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * gitignore * Update Release Notes * 250 cookie to auth bearer (#321) * 259 reduce clones (#319) * Xxx clippy outdated (#318) * 314 improve async (#316) * Update README.md * On login pw upgrade (#315) * Add python3 support to radius * Dynamic crypto rounds (#311) * tweak book chapter * 67 resource limits impl (#307) * Update based on review * Apply suggestions from code review * doc * Build improvements * Support zfs page size * V large cleanup * Cleanup and improve client error handling * Improve server hardening * Update deps + add simd support in container * Add FAQ + eap selection * Minor updates * tweak release steps ------------------------------------------------------------------- Mon Aug 3 00:38:29 UTC 2020 - William Brown - Initial Commit