Toshio Kuratomi a.badger at gmail.com
Tue Oct 25 23:44:45 UTC 2011

On Tue, Oct 25, 2011 at 09:17:39PM +0200, fkooman at tuxed.net wrote:
> On Tue, Oct 25, 2011 at 6:22 PM, Toshio Kuratomi <a.badger at gmail.com> wrote:
> > Correct -- it's not currently two-factor (it's either this or that).  We've
> > been kicking around whether we want to make it two-factor, how we'd do that,
> > who we'd enforce it upon, etc, for a while... it's hard because we have
> > several different classes of users with different requirements for each.
> Maybe something like SAML or OpenID 2.0 would be a solution for this
> (free single sign on included)... The people @yubikey wrote a module
> for simpleSAMLphp to support the Yubikey for 2-factor authentication.
> Would be nice to have single sign on for Bugzilla, FAS, Bodhi, Wiki...
bugzilla likely won't happen as that's controlled by RH (If upstream
bugzilla grew OpenID support, they might be convinced to let that be used...
not sure).  FAS and bodhi are single sign on (iirc, everything on
admin.fedoraproject.org).  wiki shares the same authn verification with fas
but not the auth cookie.  So you can login to the wiki with your yubikey or
fas password but you do have to do it separately from your login to
fas/bodhi/pkgdb/etc.  koji is separate.  From previous talks with the koji
devs I'm not sure whether they'd take a patch to add openid or not.  Best to
open a conversation with them if you're interested.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20111025/73128694/attachment.bin 

More information about the devel mailing list