pam-himmelblau-0.2.0+git.4.904b915-2.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Himmelblau is an interoperability suite for Microsoft Azure AD and
Intune, which allows users to sign into a Linux machine using Azure
Active Directory credentials. It relies on the Microsoft
Authentication Library to communicate with the Microsoft service.

Provides

• pam-himmelblau
• bundled(rust-crate:ahash)
• bundled(rust-crate:ahash)
• bundled(rust-crate:aho-corasick)
• bundled(rust-crate:allocator-api2)
• bundled(rust-crate:anyhow)
• bundled(rust-crate:argon2)
• bundled(rust-crate:async-trait)
• bundled(rust-crate:autocfg)
• bundled(rust-crate:base32)
• bundled(rust-crate:base64)
• bundled(rust-crate:base64ct)
• bundled(rust-crate:base64urlsafedata)
• bundled(rust-crate:bindgen)
• bundled(rust-crate:bitfield)
• bundled(rust-crate:bitflags)
• bundled(rust-crate:bitflags)
• bundled(rust-crate:blake2)
• bundled(rust-crate:block-buffer)
• bundled(rust-crate:bytes)
• bundled(rust-crate:cc)
• bundled(rust-crate:cexpr)
• bundled(rust-crate:cfg-if)
• bundled(rust-crate:chrono)
• bundled(rust-crate:clang-sys)
• bundled(rust-crate:compact_jwt)
• bundled(rust-crate:configparser)
• bundled(rust-crate:cpufeatures)
• bundled(rust-crate:crypto-common)
• bundled(rust-crate:csv)
• bundled(rust-crate:csv-core)
• bundled(rust-crate:darling)
• bundled(rust-crate:darling_core)
• bundled(rust-crate:darling_macro)
• bundled(rust-crate:deranged)
• bundled(rust-crate:digest)
• bundled(rust-crate:either)
• bundled(rust-crate:encoding_rs)
• bundled(rust-crate:enumflags2)
• bundled(rust-crate:enumflags2_derive)
• bundled(rust-crate:equivalent)
• bundled(rust-crate:errno)
• bundled(rust-crate:fallible-iterator)
• bundled(rust-crate:fallible-streaming-iterator)
• bundled(rust-crate:fnv)
• bundled(rust-crate:foreign-types)
• bundled(rust-crate:foreign-types-shared)
• bundled(rust-crate:form_urlencoded)
• bundled(rust-crate:futures)
• bundled(rust-crate:futures-channel)
• bundled(rust-crate:futures-core)
• bundled(rust-crate:futures-executor)
• bundled(rust-crate:futures-io)
• bundled(rust-crate:futures-macro)
• bundled(rust-crate:futures-sink)
• bundled(rust-crate:futures-task)
• bundled(rust-crate:futures-util)
• bundled(rust-crate:generic-array)
• bundled(rust-crate:getrandom)
• bundled(rust-crate:glob)
• bundled(rust-crate:graph)
• bundled(rust-crate:h2)
• bundled(rust-crate:hashbrown)
• bundled(rust-crate:hashbrown)
• bundled(rust-crate:hashlink)
• bundled(rust-crate:hex)
• bundled(rust-crate:himmelblau_policies)
• bundled(rust-crate:himmelblau_unix_common)
• bundled(rust-crate:home)
• bundled(rust-crate:hostname)
• bundled(rust-crate:hostname-validator)
• bundled(rust-crate:http)
• bundled(rust-crate:http-body)
• bundled(rust-crate:httparse)
• bundled(rust-crate:httpdate)
• bundled(rust-crate:hyper)
• bundled(rust-crate:hyper-tls)
• bundled(rust-crate:iana-time-zone)
• bundled(rust-crate:ident_case)
• bundled(rust-crate:idna)
• bundled(rust-crate:indexmap)
• bundled(rust-crate:indexmap)
• bundled(rust-crate:ipnet)
• bundled(rust-crate:itoa)
• bundled(rust-crate:jsonwebtoken)
• bundled(rust-crate:kanidm-hsm-crypto)
• bundled(rust-crate:kanidm_lib_crypto)
• bundled(rust-crate:kanidm_proto)
• bundled(rust-crate:kanidm_unix_common)
• bundled(rust-crate:kanidm_utils_users)
• bundled(rust-crate:lazy_static)
• bundled(rust-crate:lazycell)
• bundled(rust-crate:libc)
• bundled(rust-crate:libloading)
• bundled(rust-crate:libsqlite3-sys)
• bundled(rust-crate:linux-raw-sys)
• bundled(rust-crate:log)
• bundled(rust-crate:lru)
• bundled(rust-crate:malloced)
• bundled(rust-crate:match_cfg)
• bundled(rust-crate:matchers)
• bundled(rust-crate:memchr)
• bundled(rust-crate:mime)
• bundled(rust-crate:minimal-lexical)
• bundled(rust-crate:mio)
• bundled(rust-crate:msal)
• bundled(rust-crate:native-tls)
• bundled(rust-crate:nom)
• bundled(rust-crate:nu-ansi-term)
• bundled(rust-crate:num-bigint)
• bundled(rust-crate:num-conv)
• bundled(rust-crate:num-derive)
• bundled(rust-crate:num-integer)
• bundled(rust-crate:num-traits)
• bundled(rust-crate:num_enum)
• bundled(rust-crate:num_enum_derive)
• bundled(rust-crate:num_threads)
• bundled(rust-crate:oid)
• bundled(rust-crate:once_cell)
• bundled(rust-crate:openssl)
• bundled(rust-crate:openssl-kdf)
• bundled(rust-crate:openssl-macros)
• bundled(rust-crate:openssl-probe)
• bundled(rust-crate:openssl-sys)
• bundled(rust-crate:os-release)
• bundled(rust-crate:overload)
• bundled(rust-crate:pam_himmelblau)
• bundled(rust-crate:password-hash)
• bundled(rust-crate:paste)
• bundled(rust-crate:peeking_take_while)
• bundled(rust-crate:peg)
• bundled(rust-crate:peg-macros)
• bundled(rust-crate:peg-runtime)
• bundled(rust-crate:pem)
• bundled(rust-crate:percent-encoding)
• bundled(rust-crate:picky-asn1)
• bundled(rust-crate:picky-asn1-der)
• bundled(rust-crate:picky-asn1-x509)
• bundled(rust-crate:pin-project-lite)
• bundled(rust-crate:pin-utils)
• bundled(rust-crate:pkg-config)
• bundled(rust-crate:powerfmt)
• bundled(rust-crate:ppv-lite86)
• bundled(rust-crate:prettyplease)
• bundled(rust-crate:proc-macro-crate)
• bundled(rust-crate:proc-macro-error)
• bundled(rust-crate:proc-macro-error-attr)
• bundled(rust-crate:proc-macro2)
• bundled(rust-crate:quote)
• bundled(rust-crate:rand)
• bundled(rust-crate:rand_chacha)
• bundled(rust-crate:rand_core)
• bundled(rust-crate:regex)
• bundled(rust-crate:regex-automata)
• bundled(rust-crate:regex-automata)
• bundled(rust-crate:regex-syntax)
• bundled(rust-crate:regex-syntax)
• bundled(rust-crate:reqwest)
• bundled(rust-crate:ring)
• bundled(rust-crate:rusqlite)
• bundled(rust-crate:rustc-hash)
• bundled(rust-crate:rustix)
• bundled(rust-crate:rustls-pemfile)
• bundled(rust-crate:ryu)
• bundled(rust-crate:scim_proto)
• bundled(rust-crate:semver)
• bundled(rust-crate:serde)
• bundled(rust-crate:serde_bytes)
• bundled(rust-crate:serde_derive)
• bundled(rust-crate:serde_json)
• bundled(rust-crate:serde_urlencoded)
• bundled(rust-crate:serde_with)
• bundled(rust-crate:serde_with_macros)
• bundled(rust-crate:sharded-slab)
• bundled(rust-crate:shlex)
• bundled(rust-crate:signal-hook-registry)
• bundled(rust-crate:simple_asn1)
• bundled(rust-crate:slab)
• bundled(rust-crate:smallvec)
• bundled(rust-crate:socket2)
• bundled(rust-crate:spin)
• bundled(rust-crate:strsim)
• bundled(rust-crate:subtle)
• bundled(rust-crate:syn)
• bundled(rust-crate:syn)
• bundled(rust-crate:sync_wrapper)
• bundled(rust-crate:target-lexicon)
• bundled(rust-crate:thiserror)
• bundled(rust-crate:thiserror-impl)
• bundled(rust-crate:thread_local)
• bundled(rust-crate:time)
• bundled(rust-crate:time-core)
• bundled(rust-crate:time-macros)
• bundled(rust-crate:tinyvec)
• bundled(rust-crate:tinyvec_macros)
• bundled(rust-crate:tokio)
• bundled(rust-crate:tokio-macros)
• bundled(rust-crate:tokio-native-tls)
• bundled(rust-crate:tokio-util)
• bundled(rust-crate:toml_datetime)
• bundled(rust-crate:toml_edit)
• bundled(rust-crate:tower-service)
• bundled(rust-crate:tracing)
• bundled(rust-crate:tracing-attributes)
• bundled(rust-crate:tracing-core)
• bundled(rust-crate:tracing-log)
• bundled(rust-crate:tracing-subscriber)
• bundled(rust-crate:try-lock)
• bundled(rust-crate:tss-esapi)
• bundled(rust-crate:tss-esapi-sys)
• bundled(rust-crate:typenum)
• bundled(rust-crate:unicode-bidi)
• bundled(rust-crate:unicode-ident)
• bundled(rust-crate:unicode-normalization)
• bundled(rust-crate:untrusted)
• bundled(rust-crate:url)
• bundled(rust-crate:urlencoding)
• bundled(rust-crate:utoipa)
• bundled(rust-crate:utoipa-gen)
• bundled(rust-crate:uuid)
• bundled(rust-crate:value-bag)
• bundled(rust-crate:vcpkg)
• bundled(rust-crate:version_check)
• bundled(rust-crate:want)
• bundled(rust-crate:webauthn-rs-proto)
• bundled(rust-crate:which)
• bundled(rust-crate:winnow)
• bundled(rust-crate:zerocopy)
• bundled(rust-crate:zeroize)
• bundled(rust-crate:zeroize_derive)
• libpam-aad
• pam-himmelblau(x86-64)

Requires

• himmelblau = 0.2.0+git.4.904b915
• ld-linux-x86-64.so.2()(64bit)
• ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.18)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.25)(64bit)
• libc.so.6(GLIBC_2.28)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libcrypto.so.3()(64bit)
• libgcc_s.so.1()(64bit)
• libgcc_s.so.1(GCC_3.0)(64bit)
• libgcc_s.so.1(GCC_3.3)(64bit)
• libgcc_s.so.1(GCC_4.2.0)(64bit)
• libpam.so.0()(64bit)
• libpam.so.0(LIBPAM_1.0)(64bit)
• libsqlite3.so.0()(64bit)
• libssl.so.3()(64bit)
• libtss2-esys.so.0()(64bit)
• libtss2-mu.so.0()(64bit)
• libtss2-tctildr.so.0()(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1

License

MPL-2.0

Changelog

* Thu Feb 29 2024 dmulder@suse.com
  - Himmelblau provides the features found in aad-auth packages from
    other distros.
* Tue Feb 20 2024 dmulder@suse.com
  - Update to version 0.2.0+git.4.904b915:
    * Update to latest msal
    * Version 0.2.0
    * Himmelblau now authenticates only to configured domains
    * Remove reference to python-msal dep in README
    * Use the external MSAL crate for auth
    * Rename msal in prep for external msal crate
    * msal: Remove python msal bindings
    * msal: Rust msal
    * Point Cargo.toml to new project home
    * config: Write domain join to server specific config
    * idprovider: Invalidate cached user if PRT req fails
    * idprovider: Pass the keystore to the auth function
    * Update daemon from kanidm
    * test: Add a pause to ensure tasks daemon sees himmelblau
    * Update kanidm submodule
    * config: Include domain sections in configured domains
    * msal: Add acquire_token_by_refresh_token
    * enrollment: Authentication fixes
    * tests: Create the hsm-pin directory
    * idprovider: Add domain join debug
    * cargo: Use relative paths and remove most symlinks
    * idprovider: Allow group search when device is authenticated
    * msal: Move the application reqs from misc to msal::application
    * msal: Move user reqs from misc to msal::user
    * Remove duplicates from allow_groups during enrollment
    * Remove device enrollment from TODO
    * Implement Device enrollment
    * enrollment: Add the nonce service request
    * enrollment: Add enrollment service discovery
    * Implement ConfidentialClientApplication for enrollment
    * daemon: Fix inverted logic on cache dir check
    * nss: Use upstream nss package
    * idprovider: Provider auth needs to point to just the host
    * config: Consistently use the config file provided to the daemon
    * cargo: Use relative paths and remove most symlinks
    * clippy: Add kanidm's clippy config
    * config: Only check for tenant_id, authority, graph if necessary
    * Update README.md
    * Update version to 0.1.2
    * config: Fix typos in the config file
    * Make most params to acquire_token_interactive optional
    * Config can take defaults
    * cli: Add missing cli opt file
    * cli: Improve aad-tool options and interface
    * Update README.md
    * tests: Fix tasks daemon name typo
    * Remove MFA from TODO
* Fri Dec 22 2023 dmulder@suse.com
  - Update to version 0.1.1+git.10.4aa76b7:
    * daemon: Fix inverted logic on cache dir check
    * nss: Use upstream nss package
    * idprovider: Provider auth needs to point to just the host
    * config: Consistently use the config file provided to the daemon
    * cargo: Use relative paths and remove most symlinks
    * clippy: Add kanidm's clippy config
    * config: Only check for tenant_id, authority, graph if necessary
    * Correct the cargo version
* Mon Nov 13 2023 dmulder@suse.com
  - Update to version 0.1.1+git.0.6d2f645:
    * config: Remove comments about experimental policy enforement
    * config: Fix typos in the config file
* Tue Sep 26 2023 Jan Engelhardt <jengelh@inai.de>
  - Reduce size of expanded scriptlets by reducing %service_* calls
  - Wrap descriptions
* Thu Sep 14 2023 david.mulder@suse.com
  - Update to version 0.1.0+git.2.2391ac0:
    * Update version to 0.1.0
    * Update the README
    * idprovider: Fix mixed case auth failure
    * daemon: Port daemon changes from kanidm
    * provider: Skip provider init on silent auth and offline
    * daemon: Run himmelblaud as non-root dynamic user
* Tue Sep 12 2023 david.mulder@suse.com
  - Update to version 0.0.4+git.50.112df77:
    * Always match DAG where present
    * Prohibit authentication with changing IDs
* Fri Sep 08 2023 david.mulder@suse.com
  - Update to version 0.0.4+git.42.d641c8b:
    * Run cargo fmt and cargo clippy
    * Implement DeviceAuthorizationGrant for MFA
    * test: Initialize the pam_allow_groups with users
    * Use new pam state machine in himmelblau
    * Remove the non-functional device enrollment
    * TODO: New details regarding MS auth cache
    * daemon: Implement pam allow groups
    * Code rearrangement
* Thu Aug 10 2023 dmulder@suse.com
  - Update to version 0.0.4+git.30.26c26e7:
    * aad-tool: Disable enrollment by default
    * provider: Fetch GECOS from old token on silent acquire
    * msal: Add bindings for device auth flow
    * Add debug for local user ignore
    * provider: Only retry auth if we're sure group read was requested
    * provider: Provide user token refresh
    * provider: Cause unix_group_get to respond with BadRequest
    * provider: Implement provider_authenticate
* Tue Aug 08 2023 dmulder@suse.com
  - Update to version 0.0.4+git.9.a7c5ac2:
    * osc breaks with workspace errors using symlinks
    * gp: Disable MDM policies by default
* Mon Aug 07 2023 dmulder@suse.com
  - Update to version 0.0.4+git.3.b500f1f:
    * Update serde version
    * Update version to 0.0.4
    * Only build necessary bits of kanidm proto
    * Add cache operations to daemon and aad-tool
    * tests: Include local cache of rust deps
    * cache: Use the kanidm cache backend
* Mon Jul 31 2023 dmulder@suse.com
  - Update to version 0.0.3+git.10.761b4d2:
    * gp: Apply chromium policies
    * gp: Implement Group Policy object listing
    * test: Fix build test failure
    * tests: Return the correct error code from tests
    * test: Separate project build from docker build
    * tests: Deploy config when testing
* Tue Jul 18 2023 dmulder@suse.com
  - Update to version 0.0.3+git.3.f0883b1:
    * nss: Fix misaligned pointer dereference errors
    * Fix code links
* Mon Jul 17 2023 dmulder@suse.com
  - Update to version 0.0.3+git.1.e6847eb:
    * Revert "nss: Use kanidm nss code"
    * Update lib versions to match package version
    * Shallow clone kanidm for pam/nss
    * tests: Fix tar recursion
* Fri Jul 14 2023 dmulder@suse.com
  - Update to version 0.0.2+git.22.1c3ce4b:
    * Remove symlinks and just point to kanidm sources
    * nss: Use kanidm nss code
    * Add submodule commands to main Makefile
    * pam: Use kanidm pam code, glue into himmelblau
    * TODO: Only auth to configured domains
* Mon Jul 10 2023 dmulder@suse.com
  - Update to version 0.0.2+git.15.d42b114:
    * aad-tool: Enroll via the daemon
    * config: Add func for requesting configured socket path
    * aad-tool: Improve enroll options
* Mon Jul 10 2023 dmulder@suse.com
  - Update to version 0.0.2+git.11.91df240:
    * daemon: Add a systemd service
    * daemon: Don't request group read scope if using Intune
    * TODO: Mention the work needed for the cache
    * README: Include homedir creation instructions
    * daemon: If auth fails, indicate the user
* Fri Jul 07 2023 dmulder@suse.com
  - Update to version 0.0.2+git.6.de1afd6:
    * test: Ensure invalid users aren't cached
    * test: Skip getent group tests failing due to nss issue
    * tests: Add nss tests
    * tests: Test pam auth
    * msal: Allow fetching auth url
* Wed Jun 28 2023 dmulder@suse.com
  - Update to version 0.0.2+git.0.5bfbedd:
    * cache: Make the cache persistent
    * TODO: Cannot fudge an initial nss request
    * Use tracing for debug instead of log
    * aad-tool: Fix some build warnings
    * aad-tool: Add TODO comments regarding enrollment issues
    * aad-tool: Always use interactive enrollment
    * fix readme
    * aad-tool: Save the device_id after enrollment
    * aad-tool: Cannot enroll in Intune Portal directly
    * aad-tool: Parse the enrollment response
    * aad-tool: Add a enroll command for Azure AD device
    * memcache: Only append existing group member if missing
    * himmelblaud: Fix login when Intune errors on group read
    * memcache: Create a memcache for user and group caching
    * TODO: Group memberships
    * TODO: NSS requests via GET reqs
    * config: Include default for authority_host
    * config: Specify constants for defaults
    * Cleanup the build depencencies
    * TODO: Fix the headings
    * TODO: Add major reqs section
    * Cause the odc provider to supply the authority_host
    * TODO: Use tracing module
    * Include offline logon in todo list
    * Add a TODO list
    * Discover the tenant_id in the same manner as Intune
    * himmelblaud: Debug for unknown user/group
    * himmelblaud: Fix failure to cache user
    * himmelblaud: Pam Allowed and Sessions stubs
    * himmelblaud: Implement NssGroupByGid and NssAccountByUid
    * himmelblaud: Implement group lookups
    * Include the gecos in the mem cache
    * Use config for shell, homedir, uid range, tenant
    * Improve Developer Readme
    * config: Config should not default app_id
    * Remove invalid comment
    * himmelblaud: Return with failure without tenant_id
    * config: Move the config to unix_common module
    * himmelblaud: Make the socket path configurable
    * himmelblaud: Use Intune portal when app_id unset
* Fri Jun 02 2023 dmulder@suse.com
  - Update to version 0.0.1+git.15.f9a024e:
    * Generate unix uid/gid
    * himmelblaud: Stubs for NssGroupByName and NssGroups
    * himmelblaud: Fix auth failure error message
    * himmelblaud: Open socket with permissions for users to read/write
    * msal: Fix nssaccountbyname lookup
    * himmelblaud: Improve logging
    * Include systemd journal logging
    * msal: Fix failure parsing user token dict
    * Implement simple NssAccountByName
    * Implement basic NssAccounts request
    * pam: Fix unused variable warning
    * himmelblaud: Rewrite the daemon in Rust
    * msal: Add a simple rust binding to python msal
    * Remove the python daemon in favor of Rust
* Fri May 26 2023 dmulder@suse.com
  - Update to version 0.0.1+git.0.56eb9f0:
    * himmelblaud: Implement nss lookups in the daemon
    * himmelblaud: Allow anyone to r/w the socket
    * himmelblaud: Implement simple nss getpwent name
    * pam: Remove account allowed and being session impl
    * unix_common: UID and GID need not match
    * himmelblaud: Improve the debug output
    * himmelblaud: Remove stdout debug since logging to journald
    * himmelblaud: Log to the systemd journal
    * nss: Add the nss module
    * Improve directory structure

Files

/usr/lib64/security/pam_himmelblau.so

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 30 23:52:28 2024