Mario Ceresa mrceresa at fedoraproject.org
Tue Oct 25 16:32:39 UTC 2011

Thanks Toshio for the correction!



On 25 October 2011 18:22, Toshio Kuratomi <a.badger at gmail.com> wrote:
> On Tue, Oct 25, 2011 at 11:40:29AM +0200, François Kooman wrote:
>> On 10/25/11 10:23 AM, Mario Ceresa wrote:
>> > Francois: you should already be able to use yubikey for FAS, bodhi and
>> > ssh. You don't need the yubikey prompt: just put your username, go to
>> > the password field and then press the key's button.
> Correction -- ssh will still use ssh keys.  There's no option for passwords
> in fedora infra anymore so there's also no option to use the yubikey there.
>> Really? That seems weird. If someone takes my key they would be able to
>> login? I would expect it to be two-factor authentication (username &
>> password + yubikey).
>> (I'm unable to test right now as I don't have my yubi with me)
> Correct -- it's not currently two-factor (it's either this or that).  We've
> been kicking around whether we want to make it two-factor, how we'd do that,
> who we'd enforce it upon, etc, for a while... it's hard because we have
> several different classes of users with different requirements for each.
> -Toshio

More information about the devel mailing list