On Tue, Oct 25, 2011 at 09:17:39PM +0200, fkooman@xxxxxxxxx wrote: > On Tue, Oct 25, 2011 at 6:22 PM, Toshio Kuratomi <a.badger@xxxxxxxxx> wrote: > > Correct -- it's not currently two-factor (it's either this or that). We've > > been kicking around whether we want to make it two-factor, how we'd do that, > > who we'd enforce it upon, etc, for a while... it's hard because we have > > several different classes of users with different requirements for each. > > Maybe something like SAML or OpenID 2.0 would be a solution for this > (free single sign on included)... The people @yubikey wrote a module > for simpleSAMLphp to support the Yubikey for 2-factor authentication. > > Would be nice to have single sign on for Bugzilla, FAS, Bodhi, Wiki... > bugzilla likely won't happen as that's controlled by RH (If upstream bugzilla grew OpenID support, they might be convinced to let that be used... not sure). FAS and bodhi are single sign on (iirc, everything on admin.fedoraproject.org). wiki shares the same authn verification with fas but not the auth cookie. So you can login to the wiki with your yubikey or fas password but you do have to do it separately from your login to fas/bodhi/pkgdb/etc. koji is separate. From previous talks with the koji devs I'm not sure whether they'd take a patch to add openid or not. Best to open a conversation with them if you're interested. -Toshio
Attachment:
pgpoTES6NULVr.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel