Toshio Kuratomi a.badger at gmail.com
Tue Oct 25 16:22:18 UTC 2011

On Tue, Oct 25, 2011 at 11:40:29AM +0200, François Kooman wrote:
> On 10/25/11 10:23 AM, Mario Ceresa wrote:
> > Francois: you should already be able to use yubikey for FAS, bodhi and
> > ssh. You don't need the yubikey prompt: just put your username, go to
> > the password field and then press the key's button.
Correction -- ssh will still use ssh keys.  There's no option for passwords
in fedora infra anymore so there's also no option to use the yubikey there.

> Really? That seems weird. If someone takes my key they would be able to
> login? I would expect it to be two-factor authentication (username &
> password + yubikey).
> (I'm unable to test right now as I don't have my yubi with me)
Correct -- it's not currently two-factor (it's either this or that).  We've
been kicking around whether we want to make it two-factor, how we'd do that,
who we'd enforce it upon, etc, for a while... it's hard because we have
several different classes of users with different requirements for each.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20111025/f3488120/attachment.bin 

More information about the devel mailing list