Alexander Bokovoy
@abbra
- 156 Followers
- 72 Following
- 364 Posts
Samba, FreeIPA, SSSD, and a lot of other topics people remember when office infrastructure doesn't work.
Andreas SchneiderI'm happy to annouce kirmes version 0.1.0 providing an async C API now!
Kirmes is a Rust and C implementation of the IPC protocol for the systemd userdb Varlink interface. kirmes provides a safe, async Rust API talking to systemd's userdb. In addition it provides blocking and async C APIs to communicate over Varlink or just parse JSON records for users and groups.
https://crates.io/crates/kirmes
Example: https://gitlab.com/kirmes/kirmes/-/blob/main/example/async_user_record.c
A bit of detour I took in past two months was into the worlds that typically aren't combined: ASN.1 and AI. Anyway, weird results require weird numbers:
https://vda.li/en/posts/2026/03/23/synta/
https://vda.li/en/posts/2026/03/23/synta/
Demo 2: login with SSH key, use Kerberos ticket for access of FreeIPA management interface. Lifetime was set to 2 minutes to help my slow and errorneous typing.
ipa openssh s4u demo 2
COPR repo for Fedora 43-45: dnf copr enable dbelyavs/openssh-gss-s4u
Demo 1: login with SSH key, use Kerberos ticket for sudo authentication. Lifetime set to 1 minute to help with the demo.
ipa openssh s4u demo
Got some progress with protocol transition in #OpenSSH: if you login with any authentication mechanism that does not lead to creation of #Kerberos tickets, now you can configure your server to generate one on the user's behalf. This uses Services For User (S4U) extensions available in Active Directory and #FreeIPA implementations. There are few issues we still trying to address (and bugs found during this development) but it looks promising.
Couple demos in the next toots:
Couple demos in the next toots:
Identity and Access Management devroom #iam at #FOSDEM started with the full room already. We are also tracking air quality in the room and try to ventilate regularly. Thanks to https://fosdem26-air.autkin.net/ project for that!
