Alexander Bokovoy

@abbra
156 Followers
71 Following
363 Posts
Samba, FreeIPA, SSSD, and a lot of other topics people remember when office infrastructure doesn't work.
Alexander Bokovoy5d ago
Andreas Schneider5d ago

I'm happy to annouce kirmes version 0.1.0 providing an async C API now!

Kirmes is a Rust and C implementation of the IPC protocol for the systemd userdb Varlink interface. kirmes provides a safe, async Rust API talking to systemd's userdb. In addition it provides blocking and async C APIs to communicate over Varlink or just parse JSON records for users and groups.

https://crates.io/crates/kirmes

Example: https://gitlab.com/kirmes/kirmes/-/blob/main/example/async_user_record.c

#systemd #varlink #linux

crates.io: Rust Package Registry

crates.io serves as a central registry for sharing crates, which are packages or libraries written in Rust that you can use to enhance your projects

Alexander Bokovoy5d ago
A bit of detour I took in past two months was into the worlds that typically aren't combined: ASN.1 and AI. Anyway, weird results require weird numbers:
https://vda.li/en/posts/2026/03/23/synta/
ASN.1 for legacy apps: Synta

Pretty much everything I deal with requires parsing ASN.1 encodings. ASN.1 definitions published as part of internet RFCs: certificates are encoded using DER...

Show threadAlexander BokovoyMar 10

Demo 2: login with SSH key, use Kerberos ticket for access of FreeIPA management interface. Lifetime was set to 2 minutes to help my slow and errorneous typing.

https://youtu.be/Bx7_ZJskofo

ipa openssh s4u demo 2

YouTube
Show threadAlexander BokovoyMar 10

COPR repo for Fedora 43-45: dnf copr enable dbelyavs/openssh-gss-s4u

Demo 1: login with SSH key, use Kerberos ticket for sudo authentication. Lifetime set to 1 minute to help with the demo.

https://youtu.be/hlxFCs_RIRE

ipa openssh s4u demo

YouTube
Alexander BokovoyMar 10
Got some progress with protocol transition in #OpenSSH: if you login with any authentication mechanism that does not lead to creation of #Kerberos tickets, now you can configure your server to generate one on the user's behalf. This uses Services For User (S4U) extensions available in Active Directory and #FreeIPA implementations. There are few issues we still trying to address (and bugs found during this development) but it looks promising.

Couple demos in the next toots:
Alexander BokovoyFeb 1
Identity and Access Management devroom #iam at #FOSDEM started with the full room already. We are also tracking air quality in the room and try to ventilate regularly. Thanks to https://fosdem26-air.autkin.net/ project for that!
FOSDEM'26 Air quality monitoring | FOSDEM'26 Air quality monitoring

FOSDEM'26 Air quality monitoring | FOSDEM'26 Air quality monitoring | |

Alexander BokovoyJan 31
#FreeIPA at #FOSDEM :)
Alexander BokovoyJan 31
We are almost ready with #FreeIPA #SSSD #Keycloak stand at #FOSDEM. Come to visit us at building K!
Alexander BokovoyJan 29
The new CentOS branding is cute. #centosconnect
Alexander BokovoyJan 28

About to leave to Brussels for #CentOSConnect and #FOSDEM. We will have a #FreeIPA / #SSSD / #Keycloak stand on Saturday (at building K level 1 group C) and Identity and Access Management devroom (H.2214) on Sunday.

Come to see and discuss!