search for: oidc

Displaying 8 results from an estimated 8 matches for "oidc".

2023 Mar 20
1
Dovecot unified event filtering
Hello, I have an issue with debug logging when using a custom plugin for Dovecot. In my plugin, I create a child event of the session's user event: ```c struct event *plugin_event = event_create(list->ns->user->event); event_set_name(plugin_event, "oidc_shared_mailboxes_plugin"); event_set_min_log_level(plugin_event, LOG_TYPE_WARNING); event_set_append_log_prefix(plugin_event, "oidc-shared-mailboxes-plugin: "); ``` I then use passthrough events like the following: ``` e_debug(event_create_passthrough(data->event)->event(), &...
2024 Feb 09
1
Authentication using federated identity
Practically speaking, most popular IAM and SSO solutions offer OIDC SAML tokens but do not offer Kerberos tickets. OpenID Connect is a standard which itself is based on RFC6749 (OAuth2). This provides a compelling reason to support it in addition to Kerberos. I'll also note that OIDC tokens are easy to validate without a bidirectional trust relationship...
2024 Feb 08
2
Authentication using federated identity
I know that there are some methods to use federated identities (e.g. OAuth2) with SSH authentication but, from what I've seen, they largely seem clunky and require users to interact with web browsers to get one time tokens. Which is sort of acceptable for occasional logins but doesn't work with automated/scripted actions. I'm just wondering if anyone has done any work on this or
2024 Feb 09
2
Authentication using federated identity
On Thu, Feb 8, 2024 at 1:18 PM Chris Rapier <rapier at psc.edu> wrote: > > I know that there are some methods to use federated identities (e.g. > OAuth2) with SSH authentication but, from what I've seen, they largely > seem clunky and require users to interact with web browsers to get one > time tokens. Which is sort of acceptable for occasional logins but > doesn't
2020 Jan 30
6
SSH certificates - restricting to host groups
...query this information? The inventory system tracks hosts rather than users, but I don't see a big problem putting the user-group relationship into LDAP, even if it only writes out a flat file periodically. However, the system which issues the certs needs to be able to do the mapping from OIDC claims to SSH cert principals. I've just been looking at step-ca and I don't see a way to do that. I haven't looked at cashier yet, and I only just learned of gsh. Regards, Brian.
2023 Mar 07
2
Feature request: a good way to supply short-lived certificates to openssh
On 07/03/23, Darren Tucker (dtucker at dtucker.net) wrote: > On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote: > [...] > > ssh_config contains a Match ... exec [command to refresh the certificate]. > > This sort of works, except that it runs the command far too frequently. > > For example, ssh -O exit [name] refreshes the certificate, and it
2020 Jan 30
5
SSH certificates - restricting to host groups
Hello, I am trying to work out the best way to issue SSH certificates in such a way that they only allow access to specific usernames *and* only to specific groups of hosts. As a concrete example: I want Alice to be able to login as "alice" and "www" to machines in group "webserver" (only). Also, I want Bob to be able to login as "bob" and
2020 Jan 26
0
Number of imap-login processes always keeps growing, never goes down
...limit. I started having this problem with Dovecot version 2.3.2.1. After which I updated to the latest version of Dovecot (2.3.9.2) to see if that would fix my problem. However I'm still experiencing the same issue. For a bit of context; We use Dovecot with Open-Xchange where users login via OIDC, get a token and then use that token with Dovecot with the 'oauthbearer' auth method. However users can also login via a username / password combo stored in LDAP for clients that don't support 'oauthbearer' (ie. about all the mail clients ;-). We run Dovecot on SmartOS (ie. Illu...