Il 11/06/26 15:56, Dominik 'Rathann' Mierzejewski ha scritto: > On Thursday, 11 June 2026 at 15:46, Michael Catanzaro via devel wrote: >> I use 2FA for basically everything except Fedora. Yet my Fedora account >> is one of my highest-value accounts. Compromise a Fedora packager and >> you can push malware more or less directly to users. >> >> I'm afraid Fedora is just not ready for 2FA. Kerberos is currently the >> biggest problem. No way would I be willing to enable 2FA before >> gnome-online-accounts is able to handle ticket >> renewals: >> https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/work_items/171 > [...] > > FWIW, I've been using YubiKey-based OTP (via ykman) and fkinit for 2FA with > Fedora account for quite some time now and it works quite well. > > Regards > Dominik
I've recently purchased a yubikey, but I didn't set up it for authentication with Fedora kerberos. Is there any guide on how to do that? BTW my idea of using a yubikey with kerberos is to issue fkinit + enter yubikey pin and confirm user presence: is it possible? I must say I'm a newby with hardware tokens and I struggled a lot to understand how to configure the key for basic usage like storing ssh keys for several online accounts. I thought it was and should be easier for users to set up their devices. Mattia -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
