-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Inicio del mensaje redirigido:

Fecha: Wed, 19 Oct 2011 18:20:09 -0500 Desde: Dennis Gilmore dennis@ausil.us Para: infrastructure@lists.fedoraproject.org Asunto: Re: 2factor auth

El Mon, 17 Oct 2011 17:11:49 -0400 seth vidal skvidal@fedoraproject.org escribió:

One final thing: Ricky Zhou mentioned this group: duosecurity.com. They have a neat system and set of apps for smart phones/devices which circumvent the problems with otp secrets being exposed. But it requires that the device you have is connected to the internet in some way - which is tricky, to say the least. Implementing something like their system should be possible - but we're going to need someone who is an android and/or ios app developer to help.

So - my questions are:

1. Is requiring an android/ios device too onerous?

yes, im moving to meego at the moment. though ill likely have a android device still. my ultimate goal is to have fedora in my pocket, but thats for another place.

2. Does the 'here's how it should work' section above make sense/seem

secure to everyone? 3. who should we be requiring to use this? sysadmin-main? sysadmin-*, anyone with a shell account? Would it make sense to make ssh keys + OTP auth to get onto fedorapeople.org at all? what about fedorahosted?

i think anyone who has sudo on a box. maybe excepting those who only have it on publictest boxes.

I happen to use my yubikey daily. its definetly my prefered method.

Dennis