Infrastructure Two Factor Auth

From FedoraProject

Revision as of 19:55, 29 November 2012 by Kevin (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

Introduction

Fedora infrastructure has setup to use two factor authenication for all 'sudo' access on any machines. At some point in time it may be expanded for other access, but currently it's restricted to just 'sudo' calls on infrastructure machines.

Audience

You need to know about this if you are in a FAS group that provides you shell access to any infrastructure machines, and additionally you have permissions / need to sudo on those machines.

Supported tokens

Currently we support two backend tokens:

1. yubikey - You setup this as noted on the yubikey burn page.

2. googleauthenticator - You can install a free application from google to your iphone or android device to use this option.

If you do not have a yubikey or a android or iphone device, please contact us for options.

Enrolling

What happens if I lost my token?

Software used