Hi, I have been working on an article to describe what we are doing in FreeIPA and SSSD world with authentication against various identity providers. Fedora developers also actively discussed what to do with inactive maintainers and this is where we crossed over: it only took few rounds to realise that improving security of a logon to Fedora accounts is not an easy thing, sometimes there are social burdens on top of a more general lack of resources or a need to write a bunch of code to achieve a technical feasibility at all.
Long story short, there are now two articles, in a perfect XKCD style: Part 1, where I am talking about Fedora infrastructure aspects: https://vda.li/en/posts/2022/10/28/FreeIPA-Authentication-Improvements-and-Fedora-Infra/ Part 2, where FreeIPA-specific improvements and details discussed: https://vda.li/en/posts/2022/10/28/FreeIPA-Authentication-Improvements-and-Fedora-Infra-2/ -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
