Identity management #25

Closed
opened 2024-05-06 17:24:07 +01:00 by jordan · 1 comment
Options evaluated...

OpenLDAP

  • 🟢 Proper LDAP
  • 🟠 Would need another service on top (e.g. Authelia) to do OAuth/SSO etc.
  • 🔴 No web UI
  • 🔴 Too complex and unwieldy to set up and maintain

Kanidm

  • 🟢 Supports a wide range of authentication mechanisms and protocols
  • 🟢 WebAuthn attestation
  • 🟢 Good secure-by-default attitude
  • 🔴 Can't manage users from the web UI

Zitadel

  • 🟢 Supports a wide range of authentication mechanisms and protocols
  • 🟢 Full-featured web UI
  • 🟠 Current version in nixpkgs is unmaintained (being updated here: https://github.com/NixOS/nixpkgs/pull/333541) Merged!
  • 🟠 Bug in database initialisation (hangs on creation of the first instance) Fixed!
  • 🟠 Since it's multi-tenant, the URLs and user IDs are clunky - e.g. vimium.id.vimium.com
  • 🔴 Slow login times during testing >3 seconds
  • 🔴 Resource heavy

Authentik

  • 🟢 Supports a wide range of authentication mechanisms and protocols
  • 🟢 nixpkgs up-to-date
  • 🟠 Web UI isn't as pretty as Zitadel's
  • 🔴 Resource heavy
jordan added the kind enhancement label 2024-05-06 17:24:07 +01:00
jordan added this to the Config Improvements project 2024-05-06 17:24:07 +01:00
Completed in 413869266e23a095967a1849a0140e71aacfbab2
Reference: jordan/nix-config#25