On Wed, 2020-12-23 at 15:05 +0000, Gary Buhrmaster wrote: > On Wed, Dec 23, 2020 at 12:49 PM Vitaly Zaitsev via devel > <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > > > > Maybe Fedora should add 2FA support and require it for the most powerful > > groups? > > > > It does support it, but AFAIK does not require it. old-FAS (the current one) has 2FA support and requires it for things like root access on infra hosts. There's at least one bug in the old-FAS 2FA implementation which makes it close to useless, so it probably wouldn't be worth extending the requirements for 2FA until new-FAS (based on AAA) is deployed. At that point I think it would make sense to require packager accounts to have a second factor, and require that second factor when getting a Kerberos ticket and when changing the ssh keys on the account. -- Adam Williamson Fedora QA IRC: adamw | Twitter: adamw_ha https://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
