2factor auth
Tristan Santore
tristan.santore at internexusconnect.net
Tue Oct 18 15:23:39 UTC 2011
On 18/10/11 13:19, Stephen Gallagher wrote:
> On Tue, 2011-10-18 at 00:27 -0400, seth vidal wrote:
>> On Mon, 2011-10-17 at 22:50 +0100, Tristan Santore wrote:
>>> On 17/10/11 22:11, seth vidal wrote:
>>>> The biggest problems with the yubikeys is:
>
> It might be of interest to this mailing list to be made aware of some
> work being done jointly between the SSSD, FreeIPA, MIT Kerberos and
> Yubico development teams.
>
> The plan is for SSSD and FreeIPA to support (via extensions made to MIT
> Kerberos) Yubikey as a mechanism for acquiring a Kerberos TGT from
> FreeIPA. We have a proof-of-concept already available (demonstrated at
> this past Red Hat Summit) and work is ongoing on this.
>
> It might be worth revisiting the discussion about a potential FAS3 built
> atop the upcoming FreeIPA v3 (which will have this support).
>
>
>
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
This sounds by far the most promising solution, as long as the yubikey
and a password for authentication is required, as in proper two-factor
authentication.
Stephen, is there a link for this somewhere ? If we don't use this in
FI, I'd certainly consider it for my own purposes.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore at fedoraproject.org
More information about the infrastructure
mailing list