[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-5732":3},{"id":4,"name":5,"fullName":6,"owner":5,"repo":5,"description":7,"homepage":8,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":9,"rankLanguage":9,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":24,"topics":25,"createdAt":9,"pushedAt":9,"updatedAt":39,"readmeContent":40,"aiSummary":41,"trendingCount":15,"starSnapshotCount":15,"syncStatus":42,"lastSyncTime":43,"discoverSource":44},5732,"kanidm","kanidm\u002Fkanidm","Kanidm: A simple, secure, and fast identity management platform","https:\u002F\u002Fkanidm.com",null,"Rust",5037,333,20,246,0,1,17,123,6,38.57,"Mozilla Public License 2.0",false,"master",true,[26,27,28,29,30,31,32,33,34,35,36,37,38],"authentication","iam","identity","identity-management","idm","ldap","oidc","radius","rust","scim","security","ssh-authentication","webauthn","2026-06-12 02:01:14","# Kanidm - Simple and Secure Identity Management\n\n![Kanidm Logo](artwork\u002Flogo-small.png)\n\n## About\n\nKanidm is a simple and secure identity management platform, allowing other applications and services to offload the\nchallenge of authenticating and storing identities to Kanidm.\n\nThe goal of this project is to be a complete identity provider, covering the broadest possible set of requirements and\nintegrations. You should not need any other components (like Keycloak) when you use Kanidm - we already have everything\nyou need!\n\nTo achieve this we rely heavily on strict defaults, simple configuration, and self-healing components. This allows\nKanidm to support small home labs, families, small businesses, and all the way to the largest enterprise needs.\n\nIf you want to host your own authentication service, then Kanidm is for you!\n\n\u003Cdetails>\n  \u003Csummary>Supported Features\u003C\u002Fsummary>\n\nKanidm supports:\n\n- Passkeys (WebAuthn) for secure cryptographic authentication\n  - Attested passkeys for high security environments\n- Application Portal allowing easy access to linked applications\n- OAuth2\u002FOIDC authentication provider for SSO\n- OAuth2\u002FOIDC service access with token exchange services\n- Linux\u002FUnix integration with TPM protected offline authentication\n- SSH key distribution to Linux\u002FUnix systems\n- RADIUS for network and VPN authentication\n- Read-only LDAPs gateway for Legacy Systems\n- Complete CLI tooling for Administration\n- Two node high availability using database replication\n- A WebUI for user self-service\n- And more!\n\n\u003C\u002Fdetails>\n\n## Documentation \u002F Getting Started \u002F Install\n\nIf you want to read more about what Kanidm can do, you should read our documentation.\n\n- [Kanidm book (latest stable)](https:\u002F\u002Fkanidm.github.io\u002Fkanidm\u002Fstable\u002F)\n\nWe also have a set of [support guidelines](https:\u002F\u002Fgithub.com\u002Fkanidm\u002Fkanidm\u002Fblob\u002Fmaster\u002Fbook\u002Fsrc\u002Fsupport.md) for what\nthe project team will support.\n\n## Code of Conduct \u002F Ethics\n\nAll interactions with the project are covered by our [code of conduct].\n\nWhen we develop features, we follow our project's guidelines on [rights and ethics].\n\n[code of conduct]: https:\u002F\u002Fgithub.com\u002Fkanidm\u002Fkanidm\u002Fblob\u002Fmaster\u002FCODE_OF_CONDUCT.md\n[rights and ethics]: https:\u002F\u002Fgithub.com\u002Fkanidm\u002Fkanidm\u002Fblob\u002Fmaster\u002Fbook\u002Fsrc\u002Fdevelopers\u002Fdeveloper_ethics.md\n\n## Getting in Contact \u002F Questions\n\nWe have a Matrix-powered [gitter community channel] where project members are always happy to chat and answer questions.\nAlternately you can open a new [GitHub discussion].\n\n[gitter community channel]: https:\u002F\u002Fapp.gitter.im\u002F#\u002Froom\u002F#kanidm_community:gitter.im\n[github discussion]: https:\u002F\u002Fgithub.com\u002Fkanidm\u002Fkanidm\u002Fdiscussions\n\n## What does Kanidm mean?\n\nKanidm is a portmanteau of 'kani' and 'idm'. Kani is Japanese for crab, related to Rust's mascot Ferris the crab.\nIdentity management is often abbreviated to 'idm', and is a common industry term for authentication providers.\n\nKanidm is pronounced as \"kar - nee - dee - em\".\n\n## Kanidm Anthem\n\n> An anthem is a popular song, especially a rock song felt to sum up the attitudes or feelings associated with a period\n> or social group.\n\nThe Kanidm anthem is [Crab Rave - Noisestorm](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=LDU_Txk06tM)\n\n## Comparison with other services\n\n\u003Cdetails> \u003Csummary>LLDAP\u003C\u002Fsummary>\n\n[LLDAP](https:\u002F\u002Fgithub.com\u002Fnitnelave\u002Flldap) is a similar project focused on providing a small, easy-to-administer LDAP\nserver with a web administration portal. Both LLDAP and Kanidm use the\n[Kanidm LDAP bindings](https:\u002F\u002Fgithub.com\u002Fkanidm\u002Fldap3) and share many common design ideas.\n\nThe primary advantage of Kanidm over LLDAP is its broader built-in feature set, including native support for OAuth2 and\nOIDC. In contrast, LLDAP requires integration with an external portal like Keycloak to provide these features. However,\nLLDAP’s simplicity — offering fewer features — can make it easier to deploy and manage for certain use cases.\n\nWhile LLDAP provides a simple Web UI as the main user management interface, Kanidm currently offers administrative\nfunctionality primarily via its CLI, with its Web UI designed more for user interactions than for administration.\n\nIf Kanidm feels too complex for your needs, LLDAP is a smaller and simpler alternative. But if you want a more\nfeature-rich solution out of the box, Kanidm will likely be a better fit.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails> \u003Csummary>389-ds \u002F OpenLDAP\u003C\u002Fsummary>\n\nBoth 389 Directory Server (389-ds) and OpenLDAP are general-purpose LDAP servers. They provide LDAP functionality only,\nso you must supply your own Identity Management (IDM) components—such as an OIDC portal, self-service web UI,\ncommand-line tools for administration, and more.\n\nIf you require maximum customization of your LDAP deployment, 389-ds or OpenLDAP may be better choices. However, if you\nprefer an easy-to-set-up service focused specifically on IDM, Kanidm is a superior option.\n\nKanidm draws inspiration from both 389-ds and OpenLDAP and already matches or exceeds 389-ds in directory service\nperformance and scalability, while offering a richer feature set.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails> \u003Csummary>FreeIPA\u003C\u002Fsummary>\n\nFreeIPA is a comprehensive identity management system for Linux\u002FUnix, bundling many services including LDAP, Kerberos,\nDNS, and a Certificate Authority.\n\nHowever, FreeIPA is complex, consisting of numerous components and configurations, which leads to higher resource usage\nand administrative overhead during setup and upgrades.\n\nKanidm aims to offer the feature richness of FreeIPA but with a lighter resource footprint and simpler management. In\nbenchmarks with 3,000 users and 1,500 groups, Kanidm demonstrated approximately three times faster search operations and\nfive times faster modifications and additions (results may vary, but Kanidm generally outperforms FreeIPA in speed).\n\nIf you want a full IDM solution that’s easier to manage and more efficient, Kanidm is worth considering.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails> \u003Csummary>Keycloak\u003C\u002Fsummary>\n\n[Keycloak](https:\u002F\u002Fgithub.com\u002Fkeycloak\u002Fkeycloak) is an OIDC\u002FOAuth2\u002FSAML provider that can layer WebAuthn authentication\non top of existing IDM systems. Although it can operate as a stand-alone IDM solution, it is commonly used alongside an\nLDAP server or similar backend.\n\nDeploying Keycloak requires significant configuration and expertise. Its extensive customization options for\nauthentication workflows can make initial setup challenging.\n\nKanidm does not require Keycloak to provide OAuth2 and other services. It integrates many of these capabilities in a\nsimpler, more streamlined way right out of the box.\n\n\u003C\u002Fdetails> \u003Cdetails> \u003Csummary>Rauthy\u003C\u002Fsummary>\n\n[Rauthy](https:\u002F\u002Fgithub.com\u002Fsebadob\u002Frauthy) is a minimal OIDC provider supporting WebAuthn—using some of the same\nlibraries as Kanidm.\n\nHowever, Rauthy focuses exclusively on OIDC and does not support additional use cases such as RADIUS or Unix\nauthentication.\n\nIf you need a minimal OIDC-only provider, Rauthy is an excellent choice. But if you require a broader feature set,\nKanidm is the better option.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails> \u003Csummary>Authentik \u002F Authelia \u002F Zitadel\u003C\u002Fsummary>\n\n[Authentik](https:\u002F\u002Fgithub.com\u002Fgoauthentik\u002Fauthentik) (written in Python),\n[Authelia](https:\u002F\u002Fgithub.com\u002Fauthelia\u002Fauthelia), and [Zitadel](https:\u002F\u002Fgithub.com\u002Fzitadel\u002Fzitadel) (both written in Go)\nare IDM providers similar to Kanidm in many respects. However, all three have weaker support for Unix authentication and\ndo not provide the advanced authentication policies or WebAuthn Attestation capabilities that Kanidm offers.\n\nAdditionally, these projects rely on external SQL databases such as PostgreSQL, which can introduce potential single\npoints of failure and performance bottlenecks. In contrast, Kanidm uses its own high-performance database and\nreplication system, developed based on enterprise LDAP server experience.\n\n\u003C\u002Fdetails>\n\n## Developer Getting Started\n\nIf you want to contribute to Kanidm there is a getting started [guide for developers]. IDM is a diverse topic and we\nencourage contributions of many kinds in the project, from people of all backgrounds.\n\nWhen developing the server you should refer to the latest commit documentation instead.\n\n- [Kanidm book (latest commit)](https:\u002F\u002Fkanidm.github.io\u002Fkanidm\u002Fmaster\u002F)\n\n[guide for developers]: https:\u002F\u002Fkanidm.github.io\u002Fkanidm\u002Fmaster\u002Fdevelopers\u002Findex.html\n","Kanidm 是一个简单、安全且快速的身份管理平台，旨在为其他应用程序和服务提供身份验证和存储功能。项目采用 Rust 语言开发，支持广泛的认证协议和技术，包括 WebAuthn、OAuth2\u002FOIDC、RADIUS 和 LDAP 等，以满足从小型家庭实验室到大型企业的不同需求。其核心特点包括严格的默认设置、简单的配置流程以及自愈组件设计，确保系统的稳定性和安全性。此外，Kanidm 还提供了丰富的 CLI 工具及用户友好的 WebUI，方便管理和使用。适用于需要自主托管身份认证服务的各种场景，如企业内部系统、云计算环境或个人项目等。",2,"2026-06-11 03:04:54","top_language"]