Re: 2FA policy for provenpackagers is now active

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jun 24, 2024 at 05:11:07PM +0000, Mattia Verga via devel wrote:
> 
> -------- Messaggio originale --------
> 24/06/24 18:21, Kevin Fenzi <kevin@xxxxxxxxx> ha scritto:
> 
> >  
> >  I personally don't see why entering a otp once a week is such a
> >  burden... but it does seem to be. ;(
> >  
> 
> Once a week? When I get a kerberos ticket with fkinit it expires
> after 24h. Is there a setting to change somewhere to make it last
> a week?

Tickets expire after 24 hours, but before expiry, it is possible
to request renewal eg 

  kinit <fas-user-name>@FEDORAPROJECT.ORG -R

this renewable won't prompt for credentials. IIUC, it basically just
validates that your krb account hasn't been disabled by the server
admin.

klist will tell you the upper limit on renewals before you must
fully re-authenticate, and in Fedora it appears to be 7 days.

Note, you *MUST* renew it before it expires, as you can't renew an
expired ticket, even if it were still within the renewal lifetime.

Incidentally there's not particularly any need to use fkinit, as
it is just a thin wrapper around kinit. It avoids the need to type
the "@FEDORAPROJECT.ORG" part of your krb account, and for some
reason forces use of the "FILE" credential cache, overriding the
system default. The latter feels dubious to me but perhaps there's
some good reason for it ?

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux