Re: 2FA policy for provenpackagers is now active

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Пан, 24 чэр 2024, Leigh Scott wrote:

I personally don't see why entering a otp once a week is such a
burden... but it does seem to be. ;(

kevin

It isn't just once.

1. kerberos
2. Web login on infra, bugzilla, bodhi, devel list and accounts

If you do nightly shutdown you would need to enter it many times per week.

Fedora's IPA deployment is set up to have individual Kerberos tickets be
issued for 24 hours of validity (give or take) by default, with renewal
period up to one week. Thus, a nightly shutdown should not be a problem
if you are able to wake up that machine before 24 hour period expires.

Fedora uses KCM: credentials cache collection which helps to persist
existing Kerberos tickets over reboots as well.

Aside from the accounts.fedoraproject.org, the rest can authenticate
either with Kerberos directly or through Ipsilon IdP which takes
Kerberos as well. In practice I have to re-login manually to Fedora
services once a week, pretty much.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux