operasoftware / ssh-key-authority

A tool for managing SSH key access to any number of servers.
Apache License 2.0

Adding public key expiration #35

Closed mettke closed 4 years ago

mettke commented 5 years ago

I have some feature ideas which I would like to include in the official version if you folks are interested. Feel free to voice concerns or reject them if you do not believe them appropriate.

Public Key Expiration

This patch adds an expiration functionality to public keys. The administrator is able to configure if and when public keys should expire. The ldap_update file (executed inside a cron job) checks every public key and sends emails out to users when the keys are close to expiration. It also deals with deleting expired keys.

Impact

To make sure that a person does not simply re-add the same key, it is necessary to make the fingerprint_sha256 field unique and switch from deleting keys to only disabling them. To make sure that already deployed services are ready to migrate, all duplicate fingerprints are set to null to allow changing the column to unique.

The impact on existing users is that, from now on, the public key table would keep growing and keys are never completely removed. There is also a chance that existing keys lose their fingerprint if they are used in multiple places (two users sharing a key).
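The expiry sweep and the fingerprint-uniqueness migration described in this post, modelled as an added Python example that is not the project's own code. Only the fingerprint_sha256 column name comes from the PR; the other row fields, the 365-day maximum age, the 30-day warning window and the sample rows are assumptions constructed for the example.

```python
from datetime import date

TODAY = date(2020, 1, 1)  # constructed "now" so the example is deterministic

def sample_keys():
    """Constructed rows standing in for the public_key table; only fingerprint_sha256 is named in the PR."""
    return [
        {"id": 1, "user": "alice", "fingerprint_sha256": "SHA256:aaa", "added": date(2019, 1, 1), "active": True},
        {"id": 2, "user": "bob", "fingerprint_sha256": "SHA256:bbb", "added": date(2019, 1, 20), "active": True},
        {"id": 3, "user": "carol", "fingerprint_sha256": "SHA256:ccc", "added": date(2019, 10, 1), "active": True},
        {"id": 4, "user": "eve", "fingerprint_sha256": "SHA256:bbb", "added": date(2019, 6, 1), "active": True},
        {"id": 5, "user": "frank", "fingerprint_sha256": "SHA256:fff", "added": date(2018, 1, 1), "active": False},
    ]

def classify_key(key, today, max_age_days, warn_days):
    """Return 'disabled', 'expired', 'expiring' or 'ok' for one key."""
    if not key["active"]:
        return "disabled"  # switched off by an earlier sweep; the row is kept, never deleted
    age = (today - key["added"]).days
    if age >= max_age_days:
        return "expired"
    if age >= max_age_days - warn_days:
        return "expiring"  # inside the warning window: e-mail the owner
    return "ok"

def sweep(keys, today, max_age_days=365, warn_days=30):
    """One cron run: disable expired keys in place and return (user, id) pairs to warn."""
    to_warn = []
    for key in keys:
        state = classify_key(key, today, max_age_days, warn_days)
        if state == "expired":
            key["active"] = False
        elif state == "expiring":
            to_warn.append((key["user"], key["id"]))
    return to_warn

def null_duplicate_fingerprints(keys):
    """Migration step: blank every fingerprint shared by more than one row so a
    UNIQUE constraint can be added to fingerprint_sha256; returns rows changed."""
    groups = {}
    for key in keys:
        if key["fingerprint_sha256"] is not None:
            groups.setdefault(key["fingerprint_sha256"], []).append(key)
    changed = 0
    for group in groups.values():
        if len(group) > 1:  # a shared key, e.g. two users using the same key
            for key in group:
                key["fingerprint_sha256"] = None
                changed += 1
    return changed
```

Because expired rows are only flagged inactive, a later attempt to add a key with the same fingerprint collides with the retained row, which is what the unique column is meant to enforce.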