fix: SECURITY: disable kanidm anonymous account

nhnn
2025-07-09 15:11:04 +03:00
parent 71e4aa7960
commit 66cbd47d77


@@ -81,6 +81,9 @@ let
fi fi
fi fi
# disable anonymous account because it allows to freely iterate over all users on kanidm instance.
$KANIDM service-account validity expire-at anonymous epoch
# create a new token for kanidm # create a new token for kanidm
if ! KANIDM_SERVICE_ACCOUNT_TOKEN_JSON="$($KANIDM service-account api-token generate --name idm_admin "${kanidmServiceAccountName}" "${kanidmServiceAccountTokenName}" ${lib.strings.optionalString isRW "--rw"} --output json)" if ! KANIDM_SERVICE_ACCOUNT_TOKEN_JSON="$($KANIDM service-account api-token generate --name idm_admin "${kanidmServiceAccountName}" "${kanidmServiceAccountTokenName}" ${lib.strings.optionalString isRW "--rw"} --output json)"
then then
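Review bot: The added `$KANIDM service-account validity expire-at anonymous epoch` call is not checked, so if it fails the script appears to carry on and the anonymous account stays enabled with no signal; whether `set -e` is active is not visible in this hunk. The token-generation command just below is wrapped in `if ! …; then`, and this hardening step deserves the same treatment, e.g. `if ! $KANIDM service-account validity expire-at --name idm_admin anonymous epoch; then echo "failed to expire kanidm anonymous account" >&2; exit 1; fi`. The new call also omits the `--name idm_admin` that the next command passes, so unless `$KANIDM` already carries that identity it may run unauthenticated or as a different account. The enclosing script starts and ends outside the hunk.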