Multi-factor authentication

Stephen John Smoogen smooge at gmail.com
Sat May 2 00:45:31 UTC 2009


On Fri, May 1, 2009 at 5:08 PM, Mike McGrath <mmcgrath at redhat.com> wrote:
> I had intended to send this earlier but am only getting around to it.
>
> As per our discussion online (this is unrelated to the other thread about
> ldap and wanting a C coder).
>
> Dennis and I have started looking at yubikey for authentication.  After
> some discussion in the last meeting these are some of the talking points.
> As of right now nothing is set in stone but yubikeys are a strong front
> runner.
>
>  * Will likely be required for sysadmin-main and probably a few other
> highly sensitive groups (package signing)
>  * Will probably be required for those groups on specific high target
> servers.
>  * Will likely be an additional layer of authentication instead of a
> replacement.
>  * Possibly required for sudo access
>  * Possibly required for shell access
>  * Concerns about SPOF (yubikeys in particular require a central server)
>  * Might be optional for other contributors wanting to use additional
>   security.
>  * Obviously will require only Free Software.
>  * kerberos was discussed, some for some against.  The primary hangup
>   being people who use kerberos as their $DAYJOB will have conflicts when
>   working in Fedora.
>  * Concerns over what to do when a key is stolen[1]. Though phone numbers
>   were mentioned as an additional verification level.
>  * Still unclear how to make the keys
>  * Implementation details still unclear though it was generally
>   considered that "yubikey + ssh key" were both "something you have".
>   Meaning it'd be "yubikey + fas password" "Something you have +
>   something you know" as is common with most multifactor authentication
>   mechanisms.

That I think covers it all. Basically I think the tasks would be

1) Get a set of keys
2) Set up test architecture.
3) Work out initial issues of how to make/destroy and deal with
potential problems.
4) Begin to architect how it would roll out.
 a) Work with yubikey and Fedora security experts on how it would be
best built for our needs.
 b) Write up procedural issues for who keys are made for, how they are
made, how they are destroyed, etc.
 c) Get political/social buy-in/acceptance on procedural issues.
 d) Determine what systems would be in test environment.
5) Build a test environment with architecture.
 a) Work on breaking it
 b) Work out how much of the breakage we can accept and what we would
do when it happens.
6) Go/no-go
7) If Go, start rolling out further.

Does that help?

> My initial looks at yubikey are pretty promising, from knowing nothing to
> being able to ssh using the yubikey took only about 15 minutes.  It'll
> take less now that dgilmore has the software packaged like pam_yubico.
>
> Questions comments?
>
>        -Mike
>
> [1] This is an issue even with non keys, it's nearly impossible for us to
> verify someone is who they say they are if they no longer have access to
> their email address, even that's not really 'proof'.



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"



