v1.2.0

@Firstyear Firstyear released this 01 May 03:02
· 34 commits to master since this release
9efa91a

2024-05-01 - Kanidm 1.2.0

This is the first stable release of the Kanidm Identity Management project. We want to thank
everyone in our community who has supported the project to this point with their invaluable
contributions, comments, questions, feedback and support.

Importantly, this release makes a number of changes to our project's support processes. You should
review our support documentation, as this may have important effects on your distribution or
upgrades in future.

1.2.0 Important Changes

  • On upgrade, all OAuth2 sessions and user sessions will be reset due to changes in cryptographic key handling. This does not affect API tokens.
  • There is a maximum limit of 48 interactive sessions for persons, where older sessions are automatically removed.
  • In 1.3.0, new constraints will be introduced that limit the gid/uid number ranges for POSIX accounts. See our updating documentation, which describes steps to detect non-conforming accounts.

1.2.0 Release Highlights

  • The book now contains a list of supported RFCs and standards
  • Add code challenge methods to OIDC discovery
  • CLI lists authentication methods in security preference order
  • Mark replication as stable for two node usage
  • Automatically conflict and disable nscd and sssd in the unixd resolver
  • Harden unixd resolver against memory inspection
  • Enable unixd hardware TPM support
  • Allow setting resource limits in account policy to raise query limits
  • Reduce logging noise on /status checks
  • Allow /dev/tpmrm0 access on older systemd versions
  • Add an improved migration test framework
  • Create an object graph in the experimental admin UI
  • Add a built-in class for all entries that are system provided
  • Fix uid number range handling with systemd
  • Remodel orca for improved load testing features
  • Upgrade concread with non-blocking read transaction acquisition
  • ldap-sync allows re-use of attributes on entry import
  • Support improved MFA challenge response process in unixd
  • Add support for async tasks in unixd
  • Add improved TPM handling for unixd
  • Migrate cryptographic key handling to an object model with future HSM support
  • Limit maximum active sessions on an account to 48