Ondrej Mosnáček <[email protected]> writes:
> On Thu, 11 Jun 2026 at 17:34, Adam Williamson
> <[email protected]> wrote:
>>
>> I've had 2FA turned on on my account for years, and I deal with it.
>> Would it be nice if g-o-a handled ticket renewal? Sure. Is it a
>> dealbreaker? No. I have `kinit -R [email protected]` in my
>> shell history. I run it once a day. It's fine.
>
> I have this automated using systemd user units. It's really dead
> simple (and could even be packaged as an RPM after some basic
> configurability is added). This is a slightly simplified (and
> untested) version of what I have in my home dir:
Why not just use sssd-kcm? You probably don't want the default keyring
ccache if you run containers anyhow.
I don't understand the requirement for GNOME accounts. I do Fedora
stuff in headless VMs anyhow, and just paste credentials from pass(1)
into fkinit. That lasts for a week(?) if necessary while KCM renews
them, assuming the VM is up often enough, and is trivial effort. I have
this in krb5.conf
[libdefaults]
ticket_lifetime = 24h
renew_lifetime = 7d
While I'd be happy to use FIDO/smartcard with the hardware key (or TPM)
I use anyhow, I'd then have to pass that through to my VMs (if that's
possible with the free version of Virtualbox).
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new