From Fedora Project Wiki

< FWN‎ | Beats

(minor rewording, emphasise literal quotes with punctuation, remove whitespace, capitalize titles)
 
(47 intermediate revisions by 3 users not shown)
Line 6: Line 6:
http://fedoraproject.org/wiki/Infrastructure
http://fedoraproject.org/wiki/Infrastructure


Contributing Writer:  HuzaifaSidhpurwala
Contributing Writer:  [[HuzaifaSidhpurwala|Huzaifa Sidhpurwala]]


== So Everyone is Aware ==
=== Intrusion update ===
[[MikeMcGrath| Mike McGrath]] sent a link <ref>https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html</ref> to the list about the intrusion which was sent to the fedora-announce-list earlier.<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00277.html</ref>


Mike McGrath wrote for @fedora-infrastructure[1]
Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.


This is the first notice which came out to the community to inform them that there will be outages and a lot of the servers are being rebuilt. Mike pointed to the mail on @fedora-announce[2]
There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.


[1] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00108.html
[[Dennis Gilmore|DennisGilmore]] started a similar thread about Auth Mechanims<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00294.html</ref> on which he discussed using etoken or Yubikey for authentication.
It was a two factor authentication and therefore was more secure than passphrase or ssh keys.


[2] http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00008.html
<references/>
 
== Securing FAS Certs ==
 
Toshio Kuratomi wrote on @fedora-infrastructure[3]: "The Fedora Certificates issued by FAS are currently set to be autogenerated if you have an account in FAS. This has one drawback. We have to keep the password for the CA keys that sign the FAS certificates in a file on the filesystem so that the automatic signing can use them."
 
Toshio suggested that we use a system which uses human interaction to sign the certs.
 
[3] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00122.html

Latest revision as of 04:36, 6 April 2009

Infrastructure

This section contains the discussion happening on the fedora-infrastructure-list

http://fedoraproject.org/wiki/Infrastructure

Contributing Writer: Huzaifa Sidhpurwala

Intrusion update

Mike McGrath sent a link [1] to the list about the intrusion which was sent to the fedora-announce-list earlier.[2]

Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.

There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.

DennisGilmore started a similar thread about Auth Mechanims[3] on which he discussed using etoken or Yubikey for authentication. It was a two factor authentication and therefore was more secure than passphrase or ssh keys.