Hi. As I use FAS as an OpenID provider in a few places I would like to enable 2FA in it. I made steps described on the wiki page https://fedoraproject.org/wiki/Infrastructure_Two_Factor_Auth#Enrolling , configured FreeOTP and "It should be ready to use immediately" (athough the page itself in general seems to be not fully configured/adjusted) . Unfortunately it's not. I can still login using just my password. This group is mentioned as a place to get help in the related situations.
Q. How can I activate 2FA/MFA with TOTP not being a RedHat employee, but "only" an external Fedora contributor?
Marcin
On Sun, 17 Mar 2019 at 20:15, Marcin Zajaczkowski mszpak@wp.pl wrote:
Hi. As I use FAS as an OpenID provider in a few places I would like to enable 2FA in it. I made steps described on the wiki page https://fedoraproject.org/wiki/Infrastructure_Two_Factor_Auth#Enrolling , configured FreeOTP and "It should be ready to use immediately" (athough the page itself in general seems to be not fully configured/adjusted) . Unfortunately it's not. I can still login using just my password. This group is mentioned as a place to get help in the related situations.
Currently 2 factor is only available for certain shell account actions for system administrators. It is not enabled or functioning for web applications or other tools due to problems we had during initial roll-out. There is no time table for this to be put in place at this time as we have been given a lot of higher priority tasks over the years which keeps pushing this off.
Q. How can I activate 2FA/MFA with TOTP not being a RedHat employee, but "only" an external Fedora contributor?
Marcin _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...
On 2019-03-18 10:46, Stephen John Smoogen wrote:
On Sun, 17 Mar 2019 at 20:15, Marcin Zajaczkowski mszpak@wp.pl wrote:
Hi. As I use FAS as an OpenID provider in a few places I would like to enable 2FA in it. I made steps described on the wiki page https://fedoraproject.org/wiki/Infrastructure_Two_Factor_Auth#Enrolling , configured FreeOTP and "It should be ready to use immediately" (athough the page itself in general seems to be not fully configured/adjusted) . Unfortunately it's not. I can still login using just my password. This group is mentioned as a place to get help in the related situations.
Currently 2 factor is only available for certain shell account actions for system administrators. It is not enabled or functioning for web applications or other tools due to problems we had during initial roll-out. There is no time table for this to be put in place at this time as we have been given a lot of higher priority tasks over the years which keeps pushing this off.
That's unfortunate for my case, but thanks for your reply anyway. I hope it will be available one day.
Marcin
Q. How can I activate 2FA/MFA with TOTP not being a RedHat employee, but "only" an external Fedora contributor?
Marcin _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...
On 2019-03-18 20:12, Marcin Zajączkowski wrote:
On 2019-03-18 10:46, Stephen John Smoogen wrote:
On Sun, 17 Mar 2019 at 20:15, Marcin Zajaczkowski mszpak@wp.pl wrote:
Hi. As I use FAS as an OpenID provider in a few places I would like to enable 2FA in it. I made steps described on the wiki page https://fedoraproject.org/wiki/Infrastructure_Two_Factor_Auth#Enrolling , configured FreeOTP and "It should be ready to use immediately" (athough the page itself in general seems to be not fully configured/adjusted) . Unfortunately it's not. I can still login using just my password. This group is mentioned as a place to get help in the related situations.
Currently 2 factor is only available for certain shell account actions for system administrators. It is not enabled or functioning for web applications or other tools due to problems we had during initial roll-out. There is no time table for this to be put in place at this time as we have been given a lot of higher priority tasks over the years which keeps pushing this off.
That's unfortunate for my case, but thanks for your reply anyway. I hope it will be available one day.
One more thing. Looking back at the old attack at kernel.org and the more recent at the popular npm repository [1], it would be pity having malicious code distributed among the Fedora users in one of the popular packages, because the FAS account has been hacked (and the SSH key has been changed). Having the second factor in place would make the whole operation much harder.
[1] - https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/
Marcin
Marcin
Q. How can I activate 2FA/MFA with TOTP not being a RedHat employee, but "only" an external Fedora contributor?
Marcin _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...
infrastructure@lists.fedoraproject.org