On Пан, 24 чэр 2024, Leigh Scott wrote:
I personally don't see why entering a otp once a week is such a
burden... but it does seem to be. ;(
kevin
It isn't just once.
1. kerberos
2. Web login on infra, bugzilla, bodhi, devel list and accounts
If you do nightly shutdown you would need to enter it many times per week.
Fedora's IPA deployment is set up to have individual Kerberos tickets be
issued for 24 hours of validity (give or take) by default, with renewal
period up to one week. Thus, a nightly shutdown should not be a problem
if you are able to wake up that machine before 24 hour period expires.
Fedora uses KCM: credentials cache collection which helps to persist
existing Kerberos tickets over reboots as well.
Aside from the accounts.fedoraproject.org, the rest can authenticate
either with Kerberos directly or through Ipsilon IdP which takes
Kerberos as well. In practice I have to re-login manually to Fedora
services once a week, pretty much.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue