Auri stands for:
Auri implements self-service account creation and credential reset for FreeIPA:
- Requesting of accounts with validation workflow (see below)
- Whitelisting of allowed domains
- Self-service reset of password and/or SSH keys
- Designed to store as little data as possible (e.g. no secrets are stored)
- Logging of all IPA operations
- Logging of all interactions (e.g. account request, approval actions)
- Linux (RH family)
- PostgreSQL (tested with PostgreSQL 12)
- FreeIPA (tested with FreeIPA 4.6.8 on CentOS 7)
Installation and configuration
Install and configure PostgreSQL (see this HowTo). Create a database and a corresponding user.
Use the Fedora COPR repository for auri installation:
```
$ wget -O /etc/yum.repos.d/auri.repo \
    https://copr.fedorainfracloud.org/coprs/auri/releases/repo/epel-8/auri-releases-epel-8.repo
# on EL7
$ yum install auri
# on EL8 and Fedora
$ dnf install auri
```
The Auri RPM contains two configuration files with default settings:
- `/etc/auri/database.yml` – DB connection settings
- `/etc/auri/config.env` – configuration file for auri
Change the configuration files as needed and set the mandatory configuration options. Remember to restart auri after any configuration change.
Update the database schema, then enable and start auri:
```
$ auri migrate
$ systemctl enable auri
$ systemctl start auri
```
Create the maintenance cronjobs for removal of expired requests and tokens:
```
$ cat > /etc/cron.d/auri <<EOF
0 3 * * * root auri task cleanup_requests && auri task cleanup_reset_tokens
EOF
```
The auri binary provides several maintenance tasks; see `auri --help` and `auri task list` for more details.
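A post-install check for the files created in the steps above, as an added example that is not part of Auri: it flags a config or cron file that is more widely accessible than intended or owned by the wrong user. The maximum modes (640 and 644), the root owner, the function names and the `--run` argument are assumptions of this example; the page does not state what the RPM ships.

```shell
#!/usr/bin/env bash
# Added example (not part of Auri): audit the files created during installation.
# The maximum modes and the root owner below are assumptions, not project defaults.

# check_file PATH MAX_MODE UID
# Returns 0 if PATH is owned by UID and has no permission bit outside MAX_MODE,
# 1 on a finding, 2 if PATH does not exist.
check_file() {
    local path=$1 max_mode=$2 want_uid=$3 mode uid
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"
        return 2
    fi
    mode=$(stat -c '%a' "$path")   # GNU stat: octal mode, e.g. 640
    uid=$(stat -c '%u' "$path")    # numeric owner
    if [ "$uid" -ne "$want_uid" ]; then
        echo "BAD OWNER $path (uid $uid, expected $want_uid)"
        return 1
    fi
    # Bits set in the file mode but not in max_mode are excess permissions.
    if [ $(( 0$mode & ~0$max_mode & 07777 )) -ne 0 ]; then
        echo "TOO OPEN  $path (mode $mode, expected at most $max_mode)"
        return 1
    fi
    echo "OK        $path (mode $mode)"
}

# audit_auri [ROOT_PREFIX] [UID]
# ROOT_PREFIX lets the audit run against a staging tree; empty means the live host.
audit_auri() {
    local root=${1:-} want_uid=${2:-0} rc=0
    # DB connection settings and the auri configuration: not world-accessible.
    check_file "$root/etc/auri/database.yml" 640 "$want_uid" || rc=1
    check_file "$root/etc/auri/config.env"   640 "$want_uid" || rc=1
    # The cron file runs commands as root: not group- or world-writable.
    check_file "$root/etc/cron.d/auri"       644 "$want_uid" || rc=1
    return "$rc"
}

# Run the audit only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    audit_auri
fi
```

If auri runs under a dedicated service account on your host, pass that account's numeric UID as the second argument to `audit_auri` and adjust the expected modes accordingly.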
This repository contains a `Vagrantfile`, so you can start the development environment via vagrant in a virtual machine like this:
Use `vagrant ssh` to get to the VM, then invoke `buffalo dev` in the VM to start Auri in development mode. You can set the configuration parameters in development mode by creating a `.env` file in the top-level directory. See the configuration file for possible options.
Unit tests can be executed using the prepared configuration file:
```
$ cp fixtures/testing-config.env .env
$ make test
...
```
Auri was a trainee project within Deutsche Telekom Security GmbH. We assume our problem and solution are generic enough to be interesting for others, so we decided to open source it 🙂 Any help with maintenance of Auri is welcome and appreciated!
- Daniel Ajbassow – Auri initial development as part of trainee program
- Mohamad Asswad – Auri initial development as part of trainee program
- Sergej Schischkowski – mentoring and support of trainees
- Artem Sidorenko – mentoring and support of trainees
Related and similar projects
- http://freeipa.org – OpenSource identity management
- https://github.com/ubccr/mokey – Self-service account management
- https://github.com/pwm-project/pwm – Self-service password service
This project is licensed under the MIT License – see the LICENSE file for details.