Il 11/06/26 15:56, Dominik 'Rathann' Mierzejewski ha scritto:
> On Thursday, 11 June 2026 at 15:46, Michael Catanzaro via devel wrote:
>>     I use 2FA for basically everything except Fedora. Yet my Fedora account
>>     is one of my highest-value accounts. Compromise a Fedora packager and
>>     you can push malware more or less directly to users.
>>
>>     I'm afraid Fedora is just not ready for 2FA. Kerberos is currently the
>>     biggest problem. No way would I be willing to enable 2FA before
>>     gnome-online-accounts is able to handle ticket
>>     renewals: 
>> https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/work_items/171
> [...]
>
> FWIW, I've been using YubiKey-based OTP (via ykman) and fkinit for 2FA with
> Fedora account for quite some time now and it works quite well.
>
> Regards
> Dominik

I've recently purchased a yubikey, but I didn't set up it for 
authentication with Fedora kerberos. Is there any guide on how to do that?

BTW my idea of using a yubikey with kerberos is to issue fkinit + enter 
yubikey pin and confirm user presence: is it possible? I must say I'm a 
newby with hardware tokens and I struggled a lot to understand how to 
configure the key for basic usage like storing ssh keys for several 
online accounts. I thought it was and should be easier for users to set 
up their devices.

Mattia


-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to