noggin icon indicating copy to clipboard operation
noggin copied to clipboard

Published 20 hours ago verified publisher icon fedora-infra

Medium/long-term authentication methods to be supported

Open tyll opened this issue 4 years ago • 2 comments

There was a request for the Fedora Council to distribute hardware tokens for Fedora contributors: https://pagure.io/Fedora-Council/tickets/issue/251

To be able to properly decide which hardware tokens make sense, it would be good to know which authentication methods will be supported in Fedora's infrastructure. To clarify:

  1. Will there be SSH-key authentication?
  2. Who will be able to use 2FA in the future, who will be required to and which 2FA methods will be supported?
  3. Which configuration possibilities will noggin support to ensure that accounts for contributors who received a token will always use 2FA?

tyll avatar Jun 03 '20 15:06 tyll

This is mostly dependent on what FreeIPA can support. It has been discussed in #202 , does this ticket give you the information you need?

abompard avatar Jun 03 '20 21:06 abompard

This is mostly dependent on what FreeIPA can support. It has been discussed in #202 , does this ticket give you the information you need?

Not really, since it only mentions adding yubikey support - will this be the only one that will be added? It does not mention if SSH key-based authentication will be used or if there will be options to configure 2FA requirements for accounts.

tyll avatar Jun 17 '20 09:06 tyll

Going to close as a Duplicate of https://github.com/fedora-infra/noggin/issues/202

The discussion there is about multiple differenent auth methods in IPA, not just yubikeys.

ryanlerch avatar Jun 03 '24 05:06 ryanlerch