On Tue, 2011-10-18 at 08:19 -0400, Stephen Gallagher wrote: > On Tue, 2011-10-18 at 00:27 -0400, seth vidal wrote: > > On Mon, 2011-10-17 at 22:50 +0100, Tristan Santore wrote: > > > On 17/10/11 22:11, seth vidal wrote: > > > > The biggest problems with the yubikeys is: > > It might be of interest to this mailing list to be made aware of some > work being done jointly between the SSSD, FreeIPA, MIT Kerberos and > Yubico development teams. > > The plan is for SSSD and FreeIPA to support (via extensions made to MIT > Kerberos) Yubikey as a mechanism for acquiring a Kerberos TGT from > FreeIPA. We have a proof-of-concept already available (demonstrated at > this past Red Hat Summit) and work is ongoing on this. > > It might be worth revisiting the discussion about a potential FAS3 built > atop the upcoming FreeIPA v3 (which will have this support). > _______________________________________________ > infrastructure mailing list > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/infrastructure Replying to myself: I want to draw attention to the https://fedorahosted.org/AuthHub/ project and diagrams there. We're planning to support multiple pluggable OTP methods, which would make it possible to A) roll it out gradually and B) make it possible to select which approach works better for a particular contributor (e.g. Yubikey vs. smartphone app). I'd like to suggest that Fedora Infrastructure become involved in the AuthHub project directly and help guide this effort.
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
