2factor auth
Stephen Gallagher
sgallagh at redhat.com
Tue Oct 18 15:23:11 UTC 2011
On Tue, 2011-10-18 at 08:19 -0400, Stephen Gallagher wrote:
> On Tue, 2011-10-18 at 00:27 -0400, seth vidal wrote:
> > On Mon, 2011-10-17 at 22:50 +0100, Tristan Santore wrote:
> > > On 17/10/11 22:11, seth vidal wrote:
> > > > The biggest problems with the yubikeys is:
>
> It might be of interest to this mailing list to be made aware of some
> work being done jointly between the SSSD, FreeIPA, MIT Kerberos and
> Yubico development teams.
>
> The plan is for SSSD and FreeIPA to support (via extensions made to MIT
> Kerberos) Yubikey as a mechanism for acquiring a Kerberos TGT from
> FreeIPA. We have a proof-of-concept already available (demonstrated at
> this past Red Hat Summit) and work is ongoing on this.
>
> It might be worth revisiting the discussion about a potential FAS3 built
> atop the upcoming FreeIPA v3 (which will have this support).
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Replying to myself:
I want to draw attention to the https://fedorahosted.org/AuthHub/
project and diagrams there.
We're planning to support multiple pluggable OTP methods, which would
make it possible to A) roll it out gradually and B) make it possible to
select which approach works better for a particular contributor (e.g.
Yubikey vs. smartphone app).
I'd like to suggest that Fedora Infrastructure become involved in the
AuthHub project directly and help guide this effort.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20111018/309264f4/attachment.bin
More information about the infrastructure
mailing list