Kevin Fenzi

We installed a z/vm fedora 35 instance. It was configured to have the needed s390x config and worked fine. We later started setting it's network config via linux-system-roles/network. We are...

Well, either one would work I guess... having them here would be a tad nicer if the installer doesn't support zdev, since you could then install and run linux-system-roles/networking to...

And... we just hit this in fedora, enabling systemd-nspawn. ;( As a workaround, in /etc/mock/site-defaults.cfg, I think this will work: config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/var/run/pesign', '/var/run/pesign' )) config_opts['nspawn_args'] = ['--capability=cap_ipc_lock','--bind=/var/run/pesign'] (well, only the second...

Note, I am pretty sure that this is caused by badges querying the _old_ account system for users, so it doesn't recognize anyone added after we switched to the new...

Yeah, could be indeed.

I think there was some reason this was not possible, but I am not sure. I agree it would be great! Failing that, we should have a script that runs...

It was pointed out on the list that this was very similar security wise to just giving someone "reset codes", ie a random small list of codes that could be...

The only case where I can see this being undesired by us is for users with sudo access. We want them all to make sure and have a otp token...

Yeah, but in both cases they would have to have the token to login to do that right?

I would love u2f/webauthn support, it's vastly more user friendly for users, and just better all around. Even if we can't implement it now in noggin, we should definitely try...