On Fri, 2026-06-19 at 06:07 +0000, Mattia Verga via devel wrote: > Il 17/06/26 18:51, Adam Williamson ha scritto: > > As someone with 2FA enabled, I have to use my second factor when > > authenticating to kerberos in order to be able to submit builds. Yes, I > > don't have to use the second factor every time I do a push to dist-git, > > at least not currently (though 2FA was required to issue the token the > > process uses, and that token can be stored pretty securely). But as > > Daniel says, waiting for things to be perfect before having the > > requirement doesn't seem sensible. It's still much safer with 2FA on > > than without. > > I also have 2FA enabled and use kerberos to avoid logging in separately > in each Fedora places. But as someone who do 99.99% of Fedora related > work on my home PC or in a VM inside it, I'd like to have the kerberos > ticket validity more than just a day... at least a week, or perhaps a > month. I doubt anyone stealing my PC or sneaking access to it just to > hack Fedora stuff...
You know it's renewable for a week, right? Just `kinit -R` will renew it. And thankfully, the renew window was recently changed from 24 hours to "a bit longer than 24 hours" so you don't have to renew it earlier and earlier each day any more :D Ideally your desktop would be able to renew it for you automatically but it seems like this doesn't work at least on GNOME ATM. -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @[email protected] https://www.happyassassin.net -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
