Wed, Feb 21, 2018 at 08:27:14PM +, Wayne Eisenberg:
> I believe you are correct. It happens when certain people insist on a policy
> that requires the only way to connect is via 2-factor and don't make any
> accommodation for things like this or the need to be able to script a large
> rollout of a change, etc.
>
> Thanks.
ie: management
a thought is that an oauth2-like system might work - but thats just another
form of password expiration.
> -Original Message-
> From: heasley [mailto:h...@shrubbery.net]
> Sent: Tuesday, February 20, 2018 5:25 PM
> To: Wayne Eisenberg
> Cc: 'rancid-discuss@shrubbery.net'
> Subject: Re: [rancid] OTP/2-factor authentication
>
> Tue, Feb 20, 2018 at 09:34:32PM +, Wayne Eisenberg:
> > I did some searching, and I'm pretty sure I already know the answer, but
> > has anyone had any success with rancid and 2-factor authentication such as
> > OKTA (time-based OTP)?
> >
> > Any workarounds?
>
> how would it work? I'm probably being dense on the subject, but it seems
> like an obstacle to automation. Happy to receive a cluebyfour.
>
> it seems that such security goals can be achieved by aaa authorization
> (ie: read-only) and password expiration in aaa authentication.
>
>
>
>
> The information in this Internet e-mail (and any attachments) is
> confidential, may be legally privileged and is intended solely for the
> Addressee(s) named above. If you are not the intended recipient, or the
> employee or agent responsible for delivering it to the intended recipient,
> then any dissemination or copying of this e-mail (and any attachments) is
> prohibited and may be unlawful. If you received this e-mail in error, please
> immediately notify us by e-mail or telephone, then delete the message. Thank
> you.
___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss