On 2019-03-18 20:12, Marcin Zajączkowski wrote:
> On 2019-03-18 10:46, Stephen John Smoogen wrote:
>> On Sun, 17 Mar 2019 at 20:15, Marcin Zajaczkowski <[email protected]> wrote:
>>>
>>> Hi. As I use FAS as an OpenID provider in a few places I would like to 
>>> enable 2FA in it. I made steps described on the wiki page 
>>> https://fedoraproject.org/wiki/Infrastructure_Two_Factor_Auth#Enrolling , 
>>> configured FreeOTP and "It should be ready to use immediately" (although the 
>>> page itself in general seems to be not fully configured/adjusted). 
>>> Unfortunately it's not. I can still log in using just my password. This 
>>> group is mentioned as a place to get help in the related situations.
>>>
>>
>> Currently 2 factor is only available for certain shell account actions
>> for system administrators. It is not enabled or functioning for web
>> applications or other tools due to problems we had during initial
>> roll-out. There is no timetable for this to be put in place at this
>> time as we have been given a lot of higher priority tasks over the
>> years which keeps pushing this off.
> 
> That's unfortunate for my case, but thanks for your reply anyway. I hope
> it will be available one day.

One more thing. Looking back at the old attack at kernel.org and the
more recent at the popular npm repository [1], it would be a pity having
malicious code distributed among the Fedora users in one of the popular
packages, because the FAS account has been hacked (and the SSH key has
been changed). Having the second factor in place would make the whole
operation much harder.

[1] - https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/

Marcin



> 
> Marcin
> 
> 
>>
>>
>>> Q. How can I activate 2FA/MFA with TOTP not being a Red Hat employee, but 
>>> "only" an external Fedora contributor?
>>>
>>> Marcin
>>> _______________________________________________
>>> infrastructure mailing list -- [email protected]
>>> To unsubscribe send an email to [email protected]
>>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives: 
>>> https://lists.fedoraproject.org/archives/list/[email protected]
>>
>>
>>
> 
> 