On Thu, Apr 20, 2017 at 08:04:34AM -0400, Marc Boorshtein wrote:
> Has anyone looked into using U2F with freeipa? My guess is you would need
> a customized ssh client to interact with the device but in theory you could
> just transform the user's U2F public key into an ssh key.
> Marc Boorshtein
> CTO, Tremolo Security, Inc.
We have had preliminary discussion about U2F.
As you suggest, U2F requires client support. U2F does not provide a
general signing operation (it only signs a specific kind of
message) so some server support is probably required as well.
That said, a lot of U2F devices have additional / alternative modes
with PKCS #11 interfaces, e.g. PIV, allowing them to be used as
generic crypto tokens.
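
Added example, not part of the original message and not FreeIPA code: a sketch of the fixed byte layout a U2F token signs on authentication (per the FIDO U2F raw message format), showing why a server has to rebuild that layout instead of verifying a signature over its own payload. The app ID, sample payload and function names are hypothetical, and the ECDSA P-256 verification step itself is left out.

```python
import hashlib
import struct

APP_ID = "ssh://ipa.example.test"             # hypothetical application identity
SSH_PAYLOAD = b"constructed-ssh-session-data"  # constructed sample, not a real SSH blob
# The only place caller-chosen data can enter is the client data, which gets hashed.
CLIENT_DATA = b'{"typ":"navigator.id.getAssertion","challenge":"' + SSH_PAYLOAD + b'"}'

def challenge_param(client_data: bytes) -> bytes:
    """32-byte challenge parameter: SHA-256 of the client data."""
    return hashlib.sha256(client_data).digest()

def u2f_signed_data(app_id: str, client_data: bytes, presence: int, counter: int) -> bytes:
    """Bytes covered by a U2F authentication signature:
    app param (32) || user presence (1) || counter (4, big-endian) || challenge param (32)."""
    app_param = hashlib.sha256(app_id.encode()).digest()
    return app_param + struct.pack(">BI", presence, counter) + challenge_param(client_data)

def parse_auth_response(resp: bytes):
    """Split a raw authentication response into (presence, counter, signature)."""
    if len(resp) < 6:
        raise ValueError("response too short")
    presence, counter = struct.unpack(">BI", resp[:5])
    return presence, counter, resp[5:]

def server_verify_input(app_id: str, client_data: bytes, resp: bytes, last_counter: int):
    """Server-side step: rebuild the signed bytes and apply the presence and counter
    checks. Returns (signed_bytes, signature) to hand to an ECDSA P-256 verifier."""
    presence, counter, signature = parse_auth_response(resp)
    if not presence & 0x01:
        raise ValueError("user presence not asserted")
    if counter <= last_counter:
        raise ValueError("counter did not advance (possible cloned token)")
    return u2f_signed_data(app_id, client_data, presence, counter), signature

if __name__ == "__main__":
    # Constructed response: presence=1, counter=7, placeholder signature bytes.
    resp = b"\x01" + (7).to_bytes(4, "big") + b"SIG"
    signed, sig = server_verify_input(APP_ID, CLIENT_DATA, resp, last_counter=6)
    print(len(signed), "bytes signed; equals SSH payload:", signed == SSH_PAYLOAD)
```
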