-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Inicio del mensaje redirigido:
Fecha: Wed, 19 Oct 2011 18:20:09 -0500
Desde: Dennis Gilmore <dennis(a)ausil.us>
Para: infrastructure(a)lists.fedoraproject.org
Asunto: Re: 2factor auth
El Mon, 17 Oct 2011 17:11:49 -0400
seth vidal <skvidal(a)fedoraproject.org> escribió:
One final thing: Ricky Zhou mentioned this group:
duosecurity.com.
They have a neat system and set of apps for smart phones/devices which
circumvent the problems with otp secrets being exposed. But it
requires that the device you have is connected to the internet in
some way - which is tricky, to say the least. Implementing something
like their system should be possible - but we're going to need
someone who is an android and/or ios app developer to help.
So - my questions are:
1. Is requiring an android/ios device too onerous?
yes, im moving to meego at the moment. though ill likely have a android
device still. my ultimate goal is to have fedora in my pocket, but
thats for another place.
2. Does the 'here's how it should work' section above
make sense/seem
secure to everyone?
3. who should we be requiring to use this? sysadmin-main? sysadmin-*,
anyone with a shell account? Would it make sense to make ssh keys +
OTP auth to get onto
fedorapeople.org at all? what about fedorahosted?
i think anyone who has sudo on a box. maybe excepting those who only
have it on publictest boxes.
I happen to use my yubikey daily. its definetly my prefered method.
Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
iEUEARECAAYFAk6fYfAACgkQkSxm47BaWffTJgCfYxzgVPvap91oyDtoj3zx4cLN
+1cAmMdtx0Sr0EAMg50zSYCBshNyyFU=
=Wn1B
-----END PGP SIGNATURE-----