Re: 2FA in FAS for external Fedora contributors

On 2019-03-18 20:12, Marcin Zajączkowski wrote:
> On 2019-03-18 10:46, Stephen John Smoogen wrote:
>> On Sun, 17 Mar 2019 at 20:15, Marcin Zajaczkowski <mszpak@xxxxx> wrote:
>>>
>>> Hi. As I use FAS as an OpenID provider in a few places I would like to enable 2FA in it. I made steps described on the wiki page https://fedoraproject.org/wiki/Infrastructure_Two_Factor_Auth#Enrolling , configured FreeOTP and "It should be ready to use immediately" (although the page itself in general seems to be not fully configured/adjusted). Unfortunately it's not. I can still log in using just my password. This group is mentioned as a place to get help in the related situations.
>>>
>>
>> Currently 2 factor is only available for certain shell account actions
>> for system administrators. It is not enabled or functioning for web
>> applications or other tools due to problems we had during initial
>> roll-out. There is no time table for this to be put in place at this
>> time as we have been given a lot of higher priority tasks over the
>> years which keeps pushing this off.
> 
> That's unfortunate for my case, but thanks for your reply anyway. I hope
> it will be available one day.

One more thing. Looking back at the old attack at kernel.org and the
more recent one at the popular npm repository [1], it would be a pity having
malicious code distributed among the Fedora users in one of the popular
packages, because the FAS account has been hacked (and the SSH key has
been changed). Having the second factor in place would make the whole
operation much harder.

[1] - https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/

Marcin



> 
> Marcin
> 
> 
>>
>>
>>> Q. How can I activate 2FA/MFA with TOTP not being a RedHat employee, but "only" an external Fedora contributor?
>>>
>>> Marcin
>>> _______________________________________________
>>> infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
>>> To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
>>
>>
>>
> 
> 