Re: GNOME Online Accounts "Fedora" - Pre-authentication failed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Apr 6, 2022 at 4:41 PM Michael Catanzaro <mcatanzaro@xxxxxxxxx> wrote:

> Myself, I will not enable OTP until there is a way to disable it again.
> Currently, once enabled, you are stuck with it and cannot go back if
> things break, which is too much risk for me.

In some ideal implementation turning on OTP would
allow a "revert" functionality (if issued, say, within
24 hours) so that one could test one's use cases
before it became (more or less) permanent [0][1].

While OTP is generally considered a good thing
to enhance authentication, not easily allowing the
community to dip one's toe into waters before
jumping in almost certainly slows uptake.

> I'd be very sad if I couldn't use gnome-online-accounts
> to manage kerberos anymore. :/

I had thought there was an open (RFE) issue with
gnome-online-accounts to request support for
OTP use cases, although, as a hard problem, it
is likely not going to see a resolution quickly.

Gary

[0] Some network vendors sort of reverse that, and
allow one to commit a change with an automatic
revert if it is not confirmed within a specified time.
While the automated revert should not be needed
often (if ever) if one properly vets the changes in
advance, it can save your butt (from having to
dispatch remote hands to the physical location to
recover the device) when things go sideways.

[1] As I recall, getting OTP turned off by admins
for an account (due to issues, or new devices
or lost tokens) also requires one to have prepared
for such a reversion by creating alternative out
of band authentication steps in advance.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux