-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Inicio del mensaje redirigido: Fecha: Wed, 19 Oct 2011 18:20:09 -0500 Desde: Dennis Gilmore <dennis@xxxxxxxx> Para: infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Asunto: Re: 2factor auth El Mon, 17 Oct 2011 17:11:49 -0400 seth vidal <skvidal@xxxxxxxxxxxxxxxxx> escribió: > > > One final thing: Ricky Zhou mentioned this group: duosecurity.com. > They have a neat system and set of apps for smart phones/devices which > circumvent the problems with otp secrets being exposed. But it > requires that the device you have is connected to the internet in > some way - which is tricky, to say the least. Implementing something > like their system should be possible - but we're going to need > someone who is an android and/or ios app developer to help. > > > So - my questions are: > 1. Is requiring an android/ios device too onerous? yes, im moving to meego at the moment. though ill likely have a android device still. my ultimate goal is to have fedora in my pocket, but thats for another place. > 2. Does the 'here's how it should work' section above make sense/seem > secure to everyone? > 3. who should we be requiring to use this? sysadmin-main? sysadmin-*, > anyone with a shell account? Would it make sense to make ssh keys + > OTP auth to get onto fedorapeople.org at all? what about fedorahosted? i think anyone who has sudo on a box. maybe excepting those who only have it on publictest boxes. I happen to use my yubikey daily. its definetly my prefered method. Dennis -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEUEARECAAYFAk6fYfAACgkQkSxm47BaWffTJgCfYxzgVPvap91oyDtoj3zx4cLN +1cAmMdtx0Sr0EAMg50zSYCBshNyyFU= =Wn1B -----END PGP SIGNATURE----- _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
