V Wed, Sep 07, 2022 at 08:53:15AM -0400, Stephen Smoogen napsal(a):
On Wed, 7 Sept 2022 at 08:27, Petr Pisar <ppisar(a)redhat.com>
wrote:
> Shouldn't we instead start with strengthening the credentials reset even
> for password-only authentication? I.e. disallowing the reset. Or enabling
> having multiple passwords.
>
>
Maybe. What work do you not want done in Fedora for the next couple of years
to do this. There are a lot of 'OMG we need this' initiatives and very few
volunteers who have the skill level to help anymore.
That said, having multiple passwords without additional tokens attached is
a security nightmare. I have dealt with 6 systems which had them because
people thought it would cut down work and it either ramped up work or ended
up with security compromises which were horrible. Disallowing resets end up
requiring about 2-3 people whose main job every couple of minutes is to go
through some form to try and confirm a person is who they are and then reset
manually. You are welcome to take that over as your full time job.
My idea of disallowing reset is no reset. That does not mean somobody will
manually reset records in a database. It means no way. It means new account,
a different login name and repeating the onboarding process (becoming
a packager, nonresponsive process for the old account, overtaking orphaned
packages).
-- Petr