idea: collect #help in meetings, display it somewhere
by Matthew Miller
Just writing down an idea I had, for future possible followup....
Zodbot has a thing where #help items can be raised during meetings. It would
be awesome if we could collect these somewhere and display them, so people
looking for stuff to do could find them -- right now, they really just go
into the ether.
Is zodbot hooked up to fedmsg? That seems like a relatively easy way to at
least collect them, and then some datagrepper-based frontend....
(Also, assuming zodbot _is_ hooked up or could be.... could it be made to
e-mail the meetingminutes automatically? (To meetingminutes for sure,
and maybe also to other lists based on a per-meeting-name configuration?)
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
9 years, 8 months
Login issue
by Aditya P
Hi Team,
My FAS user name is: adityapant .
I have encountered a strange problem at my end.
My email "1adityapant(a)gmail.com", registered with FAS, got deleted
accidently. I have been trying to login several times in order to close/
update my account, however on account my log-in after a relatively long
period, system asks me to reset the password by sending reset link to "
1adityapant(a)gmail.com" which doesn't exist now at first place.
Kindly suggest and help me in either ways by:
(list in order of preference (high to low), though I am comfortable with
either one)
1. providing me reset link access to current account on this email-id by
updating "adityapant1(a)gmail.com" as primary email id for all future
references with FAS.
*In this way, i can begin my work with same account.*
or
2. Deactivate/ disable the account and all services (including web
page,etc) associated with login name: adityapant
*Thus i can start my work with new zeal and begin fresh otherwise.*
Please confirm and expedite over the same.
Thanks in advance.
Regards,
Aditya Pant
9 years, 8 months
Congrats to Tim Flink
by Kevin Fenzi
I'm happy to announce that I have approved Tim into the sysadmin-main
group. This is the core group of trusted folks that high level access
to most things.
Tim is part of the Fedora QA group and has been working very hard on
taskotron and resultsdb and related deployment. Being in the main group
will allow him to not block on other folks adding data or doing things
he needs. Also, he may be able to help out with other tasks as his time
permits.
Congrats and use your powers for good! :)
kevin
9 years, 8 months
Meeting Agenda Item: Introduction Anders Aarvik
by Anders Aarvik
Hi all,
I am a young tech guy, with 4 years of professional experience, newly
working professionally with Linux as a Sysadmin. Interested in joining the
sysadmin FIG. I have used various distros since the age of 11.
I have experience with development, mainly in Python, PHP, Perl, shell
scripting (sh, bash, zsh, etc.), and frontend technologies for the web
aswell. Mainly interested in operations (monitoring, tuning, performance,
architecture, technology stacks, cache, and others).
I love the idea of cutting edge in Fedora, and i love the thought of being
a part of people just wanting to do the best for all of us, innovating new
software and keeping it alive. At work we usually use CentOS because of
stability, security, and the long support.
Sincerely,
Anders Aarvik
https://fedoraproject.org/wiki/User:Adionditsak
- dk.linkedin.com/pub/anders-aarvik/26/133/47b/
9 years, 8 months
About 2FA on our web-application
by Pierre-Yves Chibon
Yesterday, Patrick, Toshio, Xavier, Jeroen and I spent about 2 hours speaking
about the way to do 2 factors authentication for our web application.
I will be trying to summarize here what its output/conclusions.
Workflow:
=========
* User provides username and password
- application sends username/password to FAS
- FAS sends back an ACK-INFO-RECEIVED
- application asks for OTP
* User is prompt a new form for OTP something like (please bare my ascii art)
---------------------------------------
| |
| OTP: [ ] |
| |
| [Cancel] [I don't have an OTP] [Ok] |
---------------------------------------
The `I don't have an OTP` and the `Ok` buttons are both simple submit buttons,
sending the value of the OTP field.
- application sends the content of the OTP field to FAS (whether there is
something or not in the field)
- FAS checks
- does username/password match the DB
- does OTP belongs to user
- is OTP valid
- FAS return Yay/Nay
* user is logged in or not
The key ideas are:
==================
* the authentication server does not provide an answer when username and password
are submitted. Otherwise, $attacker has a way to find out the weakest accounts
and from there brute-force them
* the username, password and OTP are not sent in the same request (otherwise, if
$attacker intercept this request, $it has all the info at once)
We will need to have a way for FAS and fedoauth to ensure that they are talking
to each other, using signed message via the isitdangerous library might be a
way to do that (and we would probably want to do it over https).
That does mean that web-app as well as CLI will have to behave in a similar
manner, with two requests sent to fedoauth to log the user in.
As far as I remember this was the outcome of the discussion.
As consequence, the pull-request [1] that was opened to add support for OTP on
the BaseClient of python-fedora has been closed.
The plan is to wait for FAS3 to have full OTP support and integration between
fedoauth and FAS.
By that time, the BaseClient will no longer be in used, we are moving towards
OpenID and Patrick has been mentionning SAML recently. So when FAS3 is released
and gets its OTP support, we will adjust the BaseOpenIdClient or the one that
we are using.
[1] https://github.com/fedora-infra/python-fedora/pull/45
This email is meant to make sure we are all on the same page about this topic
and that we can refer back to it in the future when the time will come to look
at OTP for web-app again.
Please correct or ask for information on anything while it's still fresh in our
mind :)
Cheers,
Pierre
9 years, 8 months
Meeting Agenda Item: Introduction Daniel Bruno
by Daniel Bruno
Hello,
I'm Daniel Bruno (dbruno) I'm from Brazil and I contribute to Fedora about
6 years in the Ambassadors and Packaging groups.
I work as System administrator working mainly with Cloud environments,
NoSQL Databases, Cloudera and Hortonworks Hadoop and coding in Python to
interact with the infrastructure through the APIs, also I'm RHCE and LPI.
And now I have some more time to dedicate to project, I want to contribute
in the infrastructure group, helping to fix issues, python code, monitoring
and maintain the infrastructure available.
Regards,
--
Daniel Bruno
http://danielbruno.eti.br
9 years, 8 months