hatecomputers
/
infra
6
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

bruh

This commit is contained in:
Elizabeth Hunt 2024-05-12 12:32:47 -04:00
parent 7a5f565088
commit fa1d964f9a
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/PEOPLE_PLAYBOOK.md
View File

@ -1,3 +1,10 @@
WOW THIS IS BAD:
https://kanidm.github.io/kanidm/stable/accounts/anonymous.html
```shell
kanidm service-account update --entry-managed-by idm_admins anonymous
kanidm service-account validity expire-at anonymous epoch
```
obviously, don't let people have usernames that would conflict with anything internal (i.e. "email", "infra*", etc.) and are only alphanumeric
```sh

6
playbooks/roles/mail/templates/user-patches.sh.j2
View File

@ -3,7 +3,11 @@
postconf -e 'smtpd_sasl_type = dovecot'
postconf -e 'smtpd_sasl_path = /dev/shm/sasl-auth.sock'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
#postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_relay_restrictions=permit_sasl_authenticated,reject'
postconf -e 'smtpd_delay_reject = yes'
postconf -e 'smtpd_client_restrictions = permit_sasl_authenticated, reject'
postconf -e 'smtpd_sasl_security_options = noanonymous'
echo 'auth_username_format = %Ln' >> /etc/dovecot/conf.d/10-auth.conf