On Wed, Apr 03, 2024 at 07:27:12AM -0400, Stephen Gallagher wrote: > On Tue, Apr 2, 2024 at 7:41 PM Kevin Fenzi <kevin@xxxxxxxxx> wrote: > > > > On Tue, Apr 02, 2024 at 04:38:25PM -0400, Stephen Gallagher wrote: > > > On Tue, Apr 2, 2024 at 3:55 PM Steve Cossette <farchord@xxxxxxxxx> wrote: > > > > > > > > I personally would very much agree with enforcing the use of 2fa on the Fedora Account System. Maybe take that opportunity to make it a bit more user friendly? (Such as the fkinit prompt requiring the 2fa code being added at the end of your password -- to be clear I think the 2fa code should be separate) > > > > > > https://pagure.io/fedora-packager/pull-request/179 > > > > I agree that fixing the mismatch in prompts might be nice, but why does > > having 2fa seperate make things any better? I mean, it's one more return > > you get to hit. ;) > > > > And... I am not sure about moving the handling of passwords to a bash > > script from a kinit prompt. > > > > The kinit is already being run inside a bash script, so if bash is > compromised with a keylogger, you've already lost the game... I'm not > sure how this is worse. Well, I meant more that now $PASSWORD has your password where before kinit was the only thing you input your password into. :) So, if someone does say a 'sh -x fkinit' to look at something, their password will show up, but it's probibly fine. > Yeah, it's an extra keystroke, but I think there's value in helping > the user provide the input in the proper format. Right now it's > confusing (particularly since the kinit prompt gives bad information > that we have to warn about). Sure. kevin
Attachment:
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
