On Thu, Apr 7, 2022 at 2:59 PM Michael Catanzaro <mcatanzaro@xxxxxxxxx> wrote:
>
> On Thu, Apr 7 2022 at 02:41:42 PM +0000, Gary Buhrmaster
> <gary.buhrmaster@xxxxxxxxx> wrote:
> > I had thought there was an open (RFE) issue with
> > gnome-online-accounts to request support for
> > OTP use cases, although, as a hard problem, it
> > is likely not going to see a resolution quickly.
>
> Well the whole point of gnome-online-accounts is to keep you
> authenticated permanently. That just does not work if your kerberos
> password is an OTP. I'm not sure what we could possibly change.
Thinking inside the box, I could imagine that
if your authenticator token was generated from
the key material inside your TPM chip, or secure
enclave, or plugged in FIDO2 key, or proximity
to some external device (say, your mobile
device), that the experience could be
(semi-) automated to renew authentication.
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
