On Thu, Apr 08, 2021 at 12:41:43PM -0700, Kevin Fenzi wrote: ...snip... > > 2. How can we verify identity on people who request the removal of their > last otp? Do we just tell them to make a new account? > > Random ideas: > > * If they are not in any groups, how about we just reset based on email? > * Or perhaps if they are not in any sysadmin* groups? > * If they are Red Hat employees we can use the internal verify thing > * We could use gpg signed email if there is a gpg key assigned to the > account. > * Could we use ssh key to verify them? > > Any thoughts welcome.
So, we have at least a half-dozen of these pending now. ;( I'm going to just process them later today unless there's strong objections. My rationale being that we are in a grace period after the new account rollout, we hope to improve things so people can't get in this state as easily, and none of them are in 'high security' groups. We still need a longer term policy, but I don't want all these people locked out while we figure it out. kevin
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
