| (5 intermediate revisions by 2 users not shown) | |||
| Line 8: | Line 8: | ||
Contributing Writer: [[HuzaifaSidhpurwala|Huzaifa Sidhpurwala]] | Contributing Writer: [[HuzaifaSidhpurwala|Huzaifa Sidhpurwala]] | ||
=== | === Intrusion update === | ||
[[MikeMcGrath| Mike McGrath]] sent a link <ref>https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html</ref> to the list about the intrusion which was sent to the fedora-announce-list earlier.<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00277.html</ref> | |||
Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication. | |||
said | |||
There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used. | |||
[[Dennis Gilmore|DennisGilmore]] started a similar thread about Auth Mechanims<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00294.html</ref> on which he discussed using etoken or Yubikey for authentication. | |||
It was a two factor authentication and therefore was more secure than passphrase or ssh keys. | |||
[[ | |||
<references/> | <references/> | ||
Latest revision as of 04:36, 6 April 2009
Infrastructure
This section contains the discussion happening on the fedora-infrastructure-list
http://fedoraproject.org/wiki/Infrastructure
Contributing Writer: Huzaifa Sidhpurwala
Intrusion update
Mike McGrath sent a link [1] to the list about the intrusion which was sent to the fedora-announce-list earlier.[2]
Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.
There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.
DennisGilmore started a similar thread about Auth Mechanims[3] on which he discussed using etoken or Yubikey for authentication. It was a two factor authentication and therefore was more secure than passphrase or ssh keys.