- 1. Introduction to Kanidm
- 2. Evaluation Quickstart
- 3. Supported Features
- 4. Project Support
- 5. Installing the Server
- 5.1. Choosing a Domain Name
- 5.2. Preparing for your Deployment
- 5.3. Server Configuration
- 5.4. Security Hardening
- 5.5. Server Updates
- 6. Client Tools
- 6.1. Installing Client Tools
- 7. Administration
- 7.1. Backup and Restore
- 7.2. Database Maintenance
- 7.3. Domain Rename
- 7.4. Monitoring the platform
- 7.5. Recycle Bin
- 8. Accounts and Groups
- 8.1. People Accounts
- 8.2. Authentication and Credentials
- 8.3. Groups
- 8.4. Service Accounts
- 8.5. Anonymous Account
- 8.6. Account Policy
- 8.7. POSIX Accounts and Groups
- 9. Access Control
- 10. Service Integrations
- 10.1. LDAP
- 10.2. OAuth2
- 10.2.1. Custom Claims
- 10.2.2. Example Configurations
- 10.2.3. How does OAuth2 work?
- 10.3. PAM and nsswitch
- 10.3.1. SUSE / OpenSUSE
- 10.3.2. Fedora
- 10.3.3. Troubleshooting
- 10.4. RADIUS
- 10.5. SSSD
- 10.6. SSH Key Distribution
- 11. Service Integration Examples
- 11.1. Kubernetes Ingress
- 11.2. OAuth2 Examples
- 11.3. Traefik
- 12. Replication
- 12.1. Planning
- 12.2. Deployment
- 12.3. Administration
- 13. Synchronisation
- 13.1. FreeIPA
- 13.2. LDAP
- Support
- 14. Troubleshooting
- 15. Frequently Asked Questions
- 16. Glossary
- For Developers
- 17. Developer Guide
- 18. Developer Ethics
- 19. Frequently Asked Questions
20. Design Documents
- 20.1. Access Profiles 2022
- 20.2. Access Profiles Original
- 20.3. Access Control Defaults
- 20.4. Architecture
- 20.5. Authentication flow
- 20.6. Cryptography Key Domains (2024)
- 20.7. Domain Join - Machine Accounts
- 20.8. Elevated Priv Mode
- 20.9. OAuth2 Device Flow
- 20.10. OAuth2 Refresh Tokens
- 20.11. Replication Coordinator
- 20.12. Replication Design and Notes
- 20.13. REST Interface
- 20.14. Unixd Multi Resolver 2024
- 21. Python Module
- 22. RADIUS Module Development
- 23. Release Checklist
- 24. Packaging
- 24.1. Debian/Ubuntu Packaging
- 24.2. PPA Packages
- 24.3. Community Packages