On 11/20/2016 02:11 AM, Dennis Gilmore wrote:
koji authentication will be switching to Kerberos. Koji supports multiple
authentication mechanisms. Fedora infrastructure has set up a freeipa instance
internally that has credential syncing to fas. We are working on ensuring that
gssapi caching is supported so that you can have multiple TGT's and the
ability to work in multiple reams at once. you can get started today by doing
kinit <fas username>@FEDORAPROJECT.ORG if you move your ~/.fedora.cert file
out of the way authentication will still work.
Unfortunately, I do not know much about Kerberos.
As far as I understand it, the original Kerberos 5 specification did not
protect the user password against offline brute-force attacks. Due to
the protocol is structured, it is not even necessary for an attacker to
intercept any network packets; knowledge of the user name is sufficient
to obtain data based on which you can start cracking the password.
Will we deploy any protection against that?
Thanks,
Florian
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
