On 18/10/11 13:19, Stephen Gallagher wrote: > On Tue, 2011-10-18 at 00:27 -0400, seth vidal wrote: >> On Mon, 2011-10-17 at 22:50 +0100, Tristan Santore wrote: >>> On 17/10/11 22:11, seth vidal wrote: >>>> The biggest problems with the yubikeys is: > > It might be of interest to this mailing list to be made aware of some > work being done jointly between the SSSD, FreeIPA, MIT Kerberos and > Yubico development teams. > > The plan is for SSSD and FreeIPA to support (via extensions made to MIT > Kerberos) Yubikey as a mechanism for acquiring a Kerberos TGT from > FreeIPA. We have a proof-of-concept already available (demonstrated at > this past Red Hat Summit) and work is ongoing on this. > > It might be worth revisiting the discussion about a potential FAS3 built > atop the upcoming FreeIPA v3 (which will have this support). > > > > _______________________________________________ > infrastructure mailing list > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/infrastructure This sounds by far the most promising solution, as long as the yubikey and a password for authentication is required, as in proper two-factor authentication. Stephen, is there a link for this somewhere ? If we don't use this in FI, I'd certainly consider it for my own purposes. Regards, Tristan -- Tristan Santore BSc MBCS TS4523-RIPE Network and Infrastructure Operations InterNexusConnect Mobile +44-78-55069812 Tristan.Santore@xxxxxxxxxxxxxxxxxxxxx Former Thawte Notary (Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust) For Fedora related issues, please email me at: TSantore@xxxxxxxxxxxxxxxxx _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
