I am trying to figure out how I can retain personal SSH keys (probably the most important part, or at least important to have an alternative connection method) while also having modern tools like SSO or at least SAML, some way to federate to different ADs.

I know there are a few things out there like Authentik and Authelia, but not 100% sure Authentik covers those needs above. Does anyone have experience with these or other modern LDAP alternatives that work well with Linux?

  • mudle@lemmy.ml
    7·
    6 months ago

    Maybe I’m just nostalgic but I think a classic IPA doesn’t need a modern twist. I’m all for IPA open sourcing their beer; heck, free beer is good enough for me.

    In all seriousness though, I already saw a user recommend kanidm. I can vouch for kanidm; written in Rust, it allows offline authentication and offline caching of user info, which is really handy if you’re in a situation with poor internet connectivity. kanidm is feature rich:@g5pw@feddit.it already mentioned OAuth2 support, LDAP, RADIUS; etc. It even supports TOTP!! Kanidm doesn’t support SAML IIRC, But SSO can be achieved through OAuth2 with OIDC.

    From kanidm’s Github:

    Kanidm aims to have the features richness of FreeIPA, but without the resource and administration overheads. If you want a complete IDM package, but in a lighter footprint and easier to manage, then Kanidm is probably for you. In testing with 3000 users + 1500 groups, Kanidm is 3 times faster for search operations and 5 times faster for modification and addition of entries (your results may differ however, but generally Kanidm is much faster than FreeIPA).

    https://github.com/kanidm/kanidm