depot/patches/base/kanidm/unixd-authenticated.patch

diff --git a/unix_integration/resolver/src/idprovider/kanidm.rs b/unix_integration/resolver/src/idprovider/kanidm.rs
index d0a6a8159..7ebc0449d 100644
--- a/unix_integration/resolver/src/idprovider/kanidm.rs
+++ b/unix_integration/resolver/src/idprovider/kanidm.rs
@@ -7,6 +7,7 @@ use kanidm_proto::internal::OperationError;
 use kanidm_proto::v1::{UnixGroupToken, UnixUserToken};
 use std::collections::BTreeSet;
 use std::time::{Duration, SystemTime};
+use std::env;
 use tokio::sync::{broadcast, Mutex};
 
 use kanidm_lib_crypto::CryptoPolicy;
@@ -39,6 +40,8 @@ struct KanidmProviderInternal {
     hmac_key: HmacKey,
     crypto_policy: CryptoPolicy,
     pam_allow_groups: BTreeSet<String>,
+    auth_name: Option<String>,
+    auth_password: Option<String>,
 }
 
 pub struct KanidmProvider {
@@ -103,6 +106,19 @@ impl KanidmProvider {
             .map(|GroupMap { local, with }| (local, Id::Name(with)))
             .collect();
 
+        let env_username: Option<String>;
+        let env_password: Option<String>;
+        match (env::var_os("KANIDM_NAME"), env::var_os("KANIDM_PASSWORD")) {
+            (Some(username), Some(password)) => {
+                env_username = Some(username.into_string().unwrap());
+                env_password = Some(password.into_string().unwrap());
+            },
+            _ => {
+                env_username = None;
+                env_password = None;
+            }
+        }
+
         Ok(KanidmProvider {
             inner: Mutex::new(KanidmProviderInternal {
                 state: CacheState::OfflineNextCheck(now),
@@ -110,6 +126,8 @@ impl KanidmProvider {
                 hmac_key,
                 crypto_policy,
                 pam_allow_groups,
+                auth_name: env_username,
+                auth_password: env_password
             }),
             map_group,
         })
@@ -262,7 +280,11 @@ impl KanidmProviderInternal {
         let mut max_attempts = 3;
         while max_attempts > 0 {
             max_attempts -= 1;
-            match self.client.auth_anonymous().await {
+            let auth_method = match (&self.auth_name, &self.auth_password) {
+                (Some(name), Some(password)) => self.client.auth_simple_password(name, password).await,
+                _ => self.client.auth_anonymous().await
+            };
+            match auth_method {
                 Ok(_uat) => {
                     debug!("provider is now online");
                     self.state = CacheState::Online;