On Thu, 7 Mar 2013 07:09:13 +
Clive Hills wrote:
> I suppose I have to bite and ask why yubikey is regarded as
> single-factor? I guess it isn't something I know as well as something
> I have?
The way we had yubikeys deployed before (and what this thread is
talking about) was single factor.
2013/3/7 Clive Hills
> I suppose I have to bite and ask why yubikey is regarded as single-factor?
> I guess it isn't something I know as well as something I have?
>
> Spot's poll is interesting - I see SecureID hard tokens leading the hard
> tokens featured (7am UTC Thursday) but how does an indi
Thank you for the correction.
My bad. Clearly I need another coffee before posting.
Clive
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
On Thu, 2013-03-07 at 07:09 +, Clive Hills wrote:
> Spot's poll is interesting - I see SecureID hard tokens leading the
> hard
> tokens featured (7am UTC Thursday) but how does an individual buy one?
If you are referring to
https://sparkslinux.wordpress.com/2013/03/06/poll-what-multi-factor-au
On 7 Mar 2013 07:09, "Clive Hills" wrote:
>
> I suppose I have to bite and ask why yubikey is regarded as
single-factor? I guess it isn't something I know as well as something I
have?
>
> Spot's poll is interesting - I see SecureID hard tokens leading the hard
tokens featured (7am UTC Thursday) bu
I suppose I have to bite and ask why yubikey is regarded as single-factor?
I guess it isn't something I know as well as something I have?
Spot's poll is interesting - I see SecureID hard tokens leading the hard
tokens featured (7am UTC Thursday) but how does an individual buy one?
Clive
--
devel
On Wed, 6 Mar 2013 20:58:00 +0100
Andreas Bierfert wrote:
> Hi folks,
>
> anyone else seeing "Yubikey single-factor authentication has been
> disabled." when logging into fas or any other fas based services?
>
> I checked in fas and yubikey is enabled for my account (and has been
> for years).
On Thu, Oct 27, 2011 at 08:47:20AM +0200, Iain Arnell wrote:
>
> It's not the 20 minute timeout that bothers me. It's the damn CSRF
> avoiding "I am human" process that bugs the hell out of me. At least
> pkgdb has a "verify login" button on each page so I'm only one click
> away from really being
On Wed, Oct 26, 2011 at 9:45 PM, Toshio Kuratomi wrote:
> On Wed, Oct 26, 2011 at 12:11:25PM -0700, Adam Williamson wrote:
>>
>> Well, 20 mins inactivity sounds about 'right', as in, it matches my
>> experience. seems like a very short timeout, but maybe it's appropriate.
>>
> We've asked for feed
On Wed, Oct 26, 2011 at 12:11:25PM -0700, Adam Williamson wrote:
> On Wed, 2011-10-26 at 09:57 -0700, Toshio Kuratomi wrote:
> > On Tue, Oct 25, 2011 at 04:56:18PM -0700, Adam Williamson wrote:
> > > On Tue, 2011-10-25 at 16:44 -0700, Toshio Kuratomi wrote:
> > > > FAS and bodhi are single sign on
On Wed, 2011-10-26 at 09:57 -0700, Toshio Kuratomi wrote:
> On Tue, Oct 25, 2011 at 04:56:18PM -0700, Adam Williamson wrote:
> > On Tue, 2011-10-25 at 16:44 -0700, Toshio Kuratomi wrote:
> > > FAS and bodhi are single sign on (iirc, everything on
> > > admin.fedoraproject.org).
> >
> > Well, Bodh
On Tue, Oct 25, 2011 at 04:56:18PM -0700, Adam Williamson wrote:
> On Tue, 2011-10-25 at 16:44 -0700, Toshio Kuratomi wrote:
> > FAS and bodhi are single sign on (iirc, everything on
> > admin.fedoraproject.org).
>
> Well, Bodhi seems to do a damn good job of forgetting you're signed in.
> I've n
On Tue, 2011-10-25 at 16:44 -0700, Toshio Kuratomi wrote:
> FAS and bodhi are single sign on (iirc, everything on
> admin.fedoraproject.org).
Well, Bodhi seems to do a damn good job of forgetting you're signed in.
I've never tried to analyze this carefully, it's just a subjective
feeling that I s
On Tue, Oct 25, 2011 at 09:17:39PM +0200, fkoo...@tuxed.net wrote:
> On Tue, Oct 25, 2011 at 6:22 PM, Toshio Kuratomi wrote:
> > Correct -- it's not currently two-factor (it's either this or that). We've
> > been kicking around whether we want to make it two-factor, how we'd do that,
> > who we'd
On Tue, Oct 25, 2011 at 6:22 PM, Toshio Kuratomi wrote:
> Correct -- it's not currently two-factor (it's either this or that). We've
> been kicking around whether we want to make it two-factor, how we'd do that,
> who we'd enforce it upon, etc, for a while... it's hard because we have
> several d
On Tue, 25 Oct 2011, Mario Ceresa wrote:
>
> That's strange: the only two occasion I had a failed OTP were:
>
> 1) A configuration problem: (Yubikey not enabled, yubikey prefix not
> correct, using unburned key)
>
> 2) In a two slot configuration, whenever I press the button too long
> and it gen
Thanks Toshio for the correction!
Best,
Mario
On 25 October 2011 18:22, Toshio Kuratomi wrote:
> On Tue, Oct 25, 2011 at 11:40:29AM +0200, François Kooman wrote:
>> On 10/25/11 10:23 AM, Mario Ceresa wrote:
>> > Francois: you should already be able to use yubikey for FAS, bodhi and
>> > ssh. Yo
On Tue, Oct 25, 2011 at 11:40:29AM +0200, François Kooman wrote:
> On 10/25/11 10:23 AM, Mario Ceresa wrote:
> > Francois: you should already be able to use yubikey for FAS, bodhi and
> > ssh. You don't need the yubikey prompt: just put your username, go to
> > the password field and then press the
On 10/25/11 10:23 AM, Mario Ceresa wrote:
> Francois: you should already be able to use yubikey for FAS, bodhi and
> ssh. You don't need the yubikey prompt: just put your username, go to
> the password field and then press the key's button.
Really? That seems weird. If someone takes my key they wo
Francois: you should already be able to use yubikey for FAS, bodhi and
ssh. You don't need the yubikey prompt: just put your username, go to
the password field and then press the key's button.
Regards,
Mario
On 25 October 2011 10:13, François Kooman wrote:
> On 10/24/11 3:34 PM, Paul Wouters wr
On 10/24/11 3:34 PM, Paul Wouters wrote:
> Yes, even using the latest rawhide versions of the yubikey related packages to
> work around the libusb issues.
My problem was, maybe I'm just stupid, that I assumed that a successful
test of the Yubikey in the FAS web interface would enable Yubikey
authe
That's strange: the only two occasion I had a failed OTP were:
1) A configuration problem: (Yubikey not enabled, yubikey prefix not
correct, using unburned key)
2) In a two slot configuration, whenever I press the button too long
and it generates an OTP from the second slot
If you are sure that'
On Mon, 24 Oct 2011, Mario Ceresa wrote:
> why is it failing?
That's what I wanted to know. The FAS website just says "failed OTP"
> did you reburn your yubikey with
> fedora-burn-yubikey and activated it in your FAS profile?
Yes, even using the latest rawhide versions of the yubikey related pa
Hello Paul,
why is it failing? did you reburn your yubikey with
fedora-burn-yubikey and activated it in your FAS profile?
Beware that this will destroy the yubiko configuration the key shipped
with in slot 1 and there is no way to get it back.
HTH,
Mario
On 21 October 2011 01:03, Paul Wouters
On Thu, 20 Oct 2011, Nathan O. wrote:
> slot 1: fedora OTP configured with fedora-burn-yubikey -u
> slot 2: yubico OTP. Using the command line tool shipped with fedora
> gave me some problems, so I used the one from yubico
>
> (http://wiki.yubico.com/files/YubiKey%20Person
Thanks for the help, I will put this email in Saved so I will have it later.
:-)
On Wed, Oct 19, 2011 at 1:54 PM, Mario Ceresa wrote:
> Hello all!
>
> I'm an happy possessor of a yubikey and I use it both for FAS
> authentication and for ssh access.
>
> The configuration is the following:
>
> slo
Hello all!
I'm an happy possessor of a yubikey and I use it both for FAS
authentication and for ssh access.
The configuration is the following:
slot 1: fedora OTP configured with fedora-burn-yubikey -u
slot 2: yubico OTP. Using the command line tool shipped with fedora
gave me some problems, so
On Thu, Oct 13, 2011 at 11:45:35AM +0200, Thomas Spura wrote:
> On Tue, 11 Oct 2011 23:02:36 -0700
> Toshio Kuratomi wrote:
>
> > On Tue, Oct 11, 2011 at 11:11:39PM -0400, Paul Wouters wrote:
> > > On Tue, 11 Oct 2011, Nathanael D. Noblet wrote:
> > >
> > > > As far as I know if you burn the key
I don't think it is actually used somewhere, but I wrote an article about
using Yubikeys with Fedora a long time ago when the Infra team was busy
implementing Yubikey support. Iirc I wrote about using the second slot
somewhere in there. It might help you:
https://fedoraproject.org/wiki/Using_Yubike
On Tue, 11 Oct 2011 23:02:36 -0700
Toshio Kuratomi wrote:
> On Tue, Oct 11, 2011 at 11:11:39PM -0400, Paul Wouters wrote:
> > On Tue, 11 Oct 2011, Nathanael D. Noblet wrote:
> >
> > > As far as I know if you burn the key you will lose the ability to
> > > use the yubikey's servers and I'm guessin
On 10/12/2011 12:02 AM, Toshio Kuratomi wrote:
> I currently have my yubikey set up to do this (slot 1 is Fedora, slot 2 is
> for yubikey servers).
Hmm that's great. For some reason I thought the slots still used the
same keys...
--
Nathanael d. Noblet
t 403.875.4613
--
devel mailing list
deve
On Tue, Oct 11, 2011 at 11:11:39PM -0400, Paul Wouters wrote:
> On Tue, 11 Oct 2011, Nathanael D. Noblet wrote:
>
> > As far as I know if you burn the key you will lose the ability to use
> > the yubikey's servers and I'm guessing coincidentally the lastpass as
> > well. I have seen that you are a
On Tue, 11 Oct 2011, Nathanael D. Noblet wrote:
> As far as I know if you burn the key you will lose the ability to use
> the yubikey's servers and I'm guessing coincidentally the lastpass as
> well. I have seen that you are allowed to upload a new key to their
> servers to restore its useability.
On 10/11/2011 08:38 PM, Nathan O. wrote:
> Curious to know, I am thinking about getting a Yubikey to use on FAS and
> other related logins. I seen you must burn the key. I am concidering
> getting the Yubikey with the Lasspass subscription included. The
> question is, if I burn the key first then i
On Sat, 16 Oct 2010, Jesse Keating wrote:
>
>
> "Richard W.M. Jones" wrote:
>
> >
> >As the subject says.
> >
> >The yubikey still works fine for logging to FAS at
> >https://admin.fedoraproject.org/accounts/
> >
> >My regular FAS password works fine at
> >https://fedorahosted.org/rel-eng/
> >
>
"Richard W.M. Jones" wrote:
>
>As the subject says.
>
>The yubikey still works fine for logging to FAS at
>https://admin.fedoraproject.org/accounts/
>
>My regular FAS password works fine at
>https://fedorahosted.org/rel-eng/
>
>Is yubikey supposed to work on these other sites?
>
Not yet.
--
36 matches
Mail list logo
