Simple distributed authentication system

Authentricity

A Lightweight Distributed Authentication System

Authentricity is a lightweight authentication system for distributed environments. Users and groups are stored internally in the systemd JSON user and group record formats.

Theoretically the storage backends are pluggable, but presently only HashiCorp Consul is supported.

This project is very much a work in progress.

Components

authentricity-hostagent

The hostagent should run on every machine for which you wish to use Authentricity for Unix logins. This component implements the systemd User/Group Varlink API to support user and group lookups.

It is intended to be deployed as a systemd service. See module.nix, which can be used to deploy this on NixOS, for details.

For both performance and resilience reasons, user information is cached locally:

  • Information less than 60s old is considered up-to-date and Consul is not re-queried for it, speeding up user information requests and reducing Consul load, and
  • In cases where Consul is unable to service requests, the cache is considered valid indefinitely.

A future version may limit the amount of time locally cached information is considered valid.
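
The caching policy above, sketched in Go as an added example (this is not the project's code). `Cache`, `Fetch`, `Now`, `ErrNotFound` and the `MaxStale` limit are assumed names, and treating a "no such user" answer as authoritative rather than as an outage is a design assumption of the sketch.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var ErrNotFound = errors.New("no such user")

type entry struct{ record string; fetched time.Time }

// Cache models the policy above. Fetch stands in for the Consul lookup and Now
// for the clock; both, like the MaxStale limit, are assumptions of this sketch.
type Cache struct {
	FreshFor time.Duration // 60s in the README
	MaxStale time.Duration // 0 = stale entries stay valid indefinitely
	Fetch    func(name string) (string, error)
	Now      func() time.Time
	entries  map[string]entry
}

func (c *Cache) Lookup(name string) (string, error) {
	now := c.Now()
	e, ok := c.entries[name]
	if ok && now.Sub(e.fetched) < c.FreshFor {
		return e.record, nil // fresh: backend is not queried
	}
	rec, err := c.Fetch(name)
	switch {
	case err == nil:
		if c.entries == nil {
			c.entries = map[string]entry{}
		}
		c.entries[name] = entry{rec, now}
		return rec, nil
	case errors.Is(err, ErrNotFound):
		delete(c.entries, name) // authoritative answer: drop the stale record
	case ok && (c.MaxStale == 0 || now.Sub(e.fetched) <= c.MaxStale):
		return e.record, nil // backend down: serve the stale record
	}
	return "", err
}

func main() {
	c := &Cache{FreshFor: time.Minute, Now: time.Now, Fetch: func(string) (string, error) { return "alice-record", nil }}
	fmt.Println(c.Lookup("alice"))
}
```

With `MaxStale` left at zero, a record removed from the backend during an outage keeps resolving on the host until the backend is reachable again, which is the window a staleness limit would bound.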

TODO: Provide raw systemd unit files

authentricity-webui

This implements

  • A login system, and single-domain shared cookie SSO system,
  • A portal which lets users add & remove SSH keys, change their password, etc.,
  • A UI which lets users explore other users and groups, and which lets admins manage users and groups, and
  • A UI which lets admins manipulate users and groups

This can be deployed as either

TODO: Provide raw systemd unit files

TODO: Provide example Kubernetes manifests/Kustomize chart?

authentricity-admin

Command line administration tool (performing direct database accesses)