depot/patches/base/kanidm/unixd-authenticated.patch

diff --git a/unix_integration/src/idprovider/kanidm.rs b/unix_integration/src/idprovider/kanidm.rs
index d1b02de0f..599dec6d5 100644
--- a/unix_integration/src/idprovider/kanidm.rs
+++ b/unix_integration/src/idprovider/kanidm.rs
@@ -2,6 +2,7 @@ use async_trait::async_trait;
 use kanidm_client::{ClientError, KanidmClient, StatusCode};
 use kanidm_proto::v1::{OperationError, UnixGroupToken, UnixUserToken};
 use tokio::sync::RwLock;
+use std::env;
 
 use super::interface::{
     AuthCacheAction, AuthCredHandler, AuthRequest, AuthResult, GroupToken, Id, IdProvider,
@@ -11,12 +12,28 @@ use crate::unix_proto::PamAuthRequest;
 
 pub struct KanidmProvider {
     client: RwLock<KanidmClient>,
+    auth_name: Option<String>,
+    auth_password: Option<String>,
 }
 
 impl KanidmProvider {
     pub fn new(client: KanidmClient) -> Self {
+        let env_username: Option<String>;
+        let env_password: Option<String>;
+        match (env::var_os("KANIDM_NAME"), env::var_os("KANIDM_PASSWORD")) {
+            (Some(username), Some(password)) => {
+                env_username = Some(username.into_string().unwrap());
+                env_password = Some(password.into_string().unwrap());
+            },
+            _ => {
+                env_username = None;
+                env_password = None;
+            }
+        }
         KanidmProvider {
             client: RwLock::new(client),
+            auth_name: env_username,
+            auth_password: env_password,
         }
     }
 }
@@ -73,7 +90,11 @@ impl From<UnixGroupToken> for GroupToken {
 impl IdProvider for KanidmProvider {
     // Needs .read on all types except re-auth.
     async fn provider_authenticate(&self) -> Result<(), IdpError> {
-        match self.client.write().await.auth_anonymous().await {
+        let auth_method = match (&self.auth_name, &self.auth_password) {
+            (Some(name), Some(password)) => self.client.write().await.auth_simple_password(name, password).await,
+            _ => self.client.write().await.auth_anonymous().await
+        };
+        match auth_method {
             Ok(_uat) => Ok(()),
             Err(err) => {
                 error!(?err, "Provider authentication failed");