On Thu, Apr 20, 2017 at 08:04:34AM -0400, Marc Boorshtein wrote:
> Has anyone looked into using U2F with freeipa?  My guess is you would need
> a customized ssh client to interact with the device but in theory you could
> just transform the users U2F public key into an ssh key.
> Marc Boorshtein
> CTO, Tremolo Security, Inc.

Hi Marc,

We have had preliminary discussion about U2F.

As you suggest, U2F requires client support.  U2F does not provide a
general signing operation (it only signs a specific kind of
message[1]) so some server support is probably required as well.


That said, a lot of U2F devices have additional / alternative modes
with PKCS #11 interfaces, e.g. PIV, allowing them to be used as
generic crypto tokens.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to