On Tue, Oct 25, 2011 at 11:40:29AM +0200, François Kooman wrote: > On 10/25/11 10:23 AM, Mario Ceresa wrote: > > Francois: you should already be able to use yubikey for FAS, bodhi and > > ssh. You don't need the yubikey prompt: just put your username, go to > > the password field and then press the key's button. > Correction -- ssh will still use ssh keys. There's no option for passwords in fedora infra anymore so there's also no option to use the yubikey there.
> Really? That seems weird. If someone takes my key they would be able to > login? I would expect it to be two-factor authentication (username & > password + yubikey). > > (I'm unable to test right now as I don't have my yubi with me) > Correct -- it's not currently two-factor (it's either this or that). We've been kicking around whether we want to make it two-factor, how we'd do that, who we'd enforce it upon, etc, for a while... it's hard because we have several different classes of users with different requirements for each. -Toshio
pgp4i4XdusSLM.pgp
Description: PGP signature
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
