2factor auth

[Dennis Gilmore]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Inicio del mensaje redirigido:

Fecha: Wed, 19 Oct 2011 18:20:09 -0500
Desde: Dennis Gilmore <dennis at ausil.us>
Para: infrastructure at lists.fedoraproject.org
Asunto: Re: 2factor auth


El Mon, 17 Oct 2011 17:11:49 -0400
seth vidal <skvidal at fedoraproject.org> escribió:

> 
> 
> One final thing: Ricky Zhou mentioned this group: duosecurity.com.
> They have a neat system and set of apps for smart phones/devices which
> circumvent the problems with otp secrets being exposed. But it
> requires that the device you have is connected to the internet in
> some way - which is tricky, to say the least. Implementing something
> like their system should be possible - but we're going to need
> someone who is an android and/or ios app developer to help.
> 
> 
> So - my questions are:
>  1. Is requiring an android/ios device too onerous?
yes, im moving to meego at the moment. though ill likely have a android
device still. my ultimate goal is to have fedora in my pocket, but
thats for another place.
>  2. Does the 'here's how it should work' section above make sense/seem
> secure to everyone?
>  3. who should we be requiring to use this? sysadmin-main? sysadmin-*,
> anyone with a shell account? Would it make sense to make ssh keys +
> OTP auth to get onto fedorapeople.org at all? what about fedorahosted?

i think anyone who has sudo on a box.  maybe excepting those who only
have it on publictest boxes.

I happen to use my yubikey daily. its definetly my prefered method.

Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)

iEUEARECAAYFAk6fYfAACgkQkSxm47BaWffTJgCfYxzgVPvap91oyDtoj3zx4cLN
+1cAmMdtx0Sr0EAMg50zSYCBshNyyFU=
=Wn1B
-----END PGP SIGNATURE-----