Auri

Auri stands for: Automated User Registration IPA

Auri implements self-service account creation and reset of credentials for FreeIPA.

Features

  • Requesting of accounts with validation workflow (see below)
  • Whitelisting of allowed domains
  • Self-service reset of password and/or SSH keys
  • Designed to store as little data as possible (e.g. no secrets are stored)
  • Logging of all IPA operations
  • Logging of all interactions (e.g. account request, approval actions)

Workflow

Workflow overview

Requirements

  • Linux (RH family)
  • PostgreSQL (tested with PostgreSQL 12)
  • FreeIPA (tested with FreeIPA 4.6.8 on CentOS 7)

Installation and configuration

Install and configure PostgreSQL (see this HowTo). Create a database and a corresponding user.

Use the Fedora COPR repository for auri installation:

$ wget -O /etc/yum.repos.d/auri.repo \
       https://copr.fedorainfracloud.org/coprs/auri/releases/repo/epel-8/auri-releases-epel-8.repo
# on EL7
$ yum install auri
# on EL8 and Fedora
$ dnf install auri

The Auri RPM contains two configuration files with default settings:

  • /etc/auri/database.yml – DB connection settings
  • /etc/auri/config.env – configuration file for auri

Change the configuration files as needed and set the mandatory configuration options. Remember to restart auri after any configuration change.

Update the database schema, then enable and start auri:

$ auri migrate
$ systemctl enable auri
$ systemctl start auri

Create the maintenance cronjobs for removal of expired requests and tokens:

$ cat > /etc/cron.d/auri <<EOF
0 3 * * * root auri task cleanup_requests && auri task cleanup_reset_tokens
EOF

Tasks

The auri binary provides several maintenance tasks; see auri --help and auri task list for more details.

Development environment

This repository contains a Vagrantfile, so you can start the development environment via vagrant in a virtual machine like this:

  1. Install vagrant
  2. Install virtualbox
  3. Clone the repository
  4. Invoke vagrant up and grab a coffee

Invoke vagrant ssh to get into the VM, then invoke buffalo dev in the VM to start Auri in development mode. In development mode you can set the configuration parameters by creating a .env file in the top-level directory. See the configuration file for possible options.

Unit tests can be executed using the prepared configuration file:

$ cp fixtures/testing-config.env .env
$ make test
...

Authors

Auri was a trainee project within Deutsche Telekom Security GmbH. We assume our problem and solution are generic enough to be interesting for others, so we decided to open source it 🙂 Any help with maintenance of Auri is welcome and appreciated!

Acknowledgments

Related and similar projects

License

This project is licensed under the MIT License – see the LICENSE file for details.

GitHub

https://github.com/auri/auri