On Tue, Apr 2, 2024 at 7:41 PM Kevin Fenzi <ke...@scrye.com> wrote: > > On Tue, Apr 02, 2024 at 04:38:25PM -0400, Stephen Gallagher wrote: > > On Tue, Apr 2, 2024 at 3:55 PM Steve Cossette <farch...@gmail.com> wrote: > > > > > > I personally would very much agree with enforcing the use of 2fa on the > > > Fedora Account System. Maybe take that opportunity to make it a bit more > > > user friendly? (Such as the fkinit prompt requiring the 2fa code being > > > added at the end of your password -- to be clear I think the 2fa code > > > should be separate) > > > > https://pagure.io/fedora-packager/pull-request/179 > > I agree that fixing the mismatch in prompts might be nice, but why does > having 2fa seperate make things any better? I mean, it's one more return > you get to hit. ;) > > And... I am not sure about moving the handling of passwords to a bash > script from a kinit prompt. >
The kinit is already being run inside a bash script, so if bash is compromised with a keylogger, you've already lost the game... I'm not sure how this is worse. Yeah, it's an extra keystroke, but I think there's value in helping the user provide the input in the proper format. Right now it's confusing (particularly since the kinit prompt gives bad information that we have to warn about). -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
