Yubikeys are now supported
Paul Wouters
paul at xelerance.com
Thu Oct 7 21:51:31 UTC 2010
On Thu, 7 Oct 2010, Mike McGrath wrote:
>>> We also decided to allow yubikeys as an authentication option for the
>>> larger community to some hosts and services like fedorapeople.org or
>>> https://admin.fedoraproject.org/community/. When asked for a password,
>>> just use your yubikey to generate a otp instead. Those wishing to use one
>>> may purchase a yubikey on their own at:
> I suspect it'd be worth it to see if we could get one for Fedora.
I have one and I've played with it in fedora. There is however an important
catch. The server and the yubikey share the same AES symmetric key. This means
that if the yubikey is used for multiple sites by one user, that user is sharing
is his "private key" over various external sites.
So if fedoraproject would accept it, and the same user uses this yubikey for
another site, and that other site gets hacked, then fedoraproject could be
hacked as well.
I guess in a way it is like using the same password, but people might not be
thinking of that when they have a "device" on them that they use.
Paul
More information about the devel
mailing list