> > Just one note: I'm not sure how the token generation works in noggin, but
> > usually you get a few seconds to use the old code when the new one is
> > generated, but I just got invalid code when the new one was generated during
> > typing the old one.
>
> I guess this is a question for IPA tea
On Fri, Apr 16, 2021 at 10:37:06AM +0200, Michal Konecny wrote:
> I tested it and it works.
>
> Just one note: I'm not sure how the token generation works in noggin, but
> usually you get a few seconds to use the old code when the new one is
> generated, but I just got invalid code when the new on
Drunken monkey
Otp okay I guess
Thank you for your monitoring
On Fri, Apr 16, 2021, 14:07 Michal Konecny wrote:
> I tested it and it works.
>
> Just one note: I'm not sure how the token generation works in noggin,
> but usually you get a few seconds to use the old code when the new one
> is gene
I tested it and it works.
Just one note: I'm not sure how the token generation works in noggin,
but usually you get a few seconds to use the old code when the new one
is generated, but I just got invalid code when the new one was generated
during typing the old one.
And one question: Is ther
> Once it's merged and deployed, the tokens will only be enabled once
> users have proven that their app works, so it should cut down on those
> "I'm locked out" requests.
OK, it's merged and deployed on staging. If you folks want to test it
out, it's at
https://accounts.stg.fedoraproject.org/
Ple
On Tue, Apr 13, 2021 at 08:10:02PM +0200, Aurelien Bompard wrote:
> > So, we have at least a half-dozen of these pending now. ;(
>
> I have implemented a verification step for OTP tokens, it's currently
> under review:
> https://github.com/fedora-infra/noggin/pull/584
> Once it's merged and deploy
> So, we have at least a half-dozen of these pending now. ;(
I have implemented a verification step for OTP tokens, it's currently
under review:
https://github.com/fedora-infra/noggin/pull/584
Once it's merged and deployed, the tokens will only be enabled once
users have proven that their app work
On Thu, Apr 08, 2021 at 12:41:43PM -0700, Kevin Fenzi wrote:
...snip...
>
> 2. How can we verify identity on people who request the removal of their
> last otp? Do we just tell them to make a new account?
>
> Random ideas:
>
> * If they are not in any groups, how about we just reset based on ema
> So technically you can have something like:
> - create OTP token and mark it disabled
> - show OTP token configuration details to a user
> - ask user for this token validation: enter a password and a value
> - enable token
> - verify token
> - if verification fails, disable the token again
Some
On Sat, 10 Apr 2021 at 02:46, Aurelien Bompard
wrote:
>
> > > * If they are Red Hat employees we can use the internal verify thing
> >
> > Yes. Is there a way we could extend something similar to non-RHers?
>
> That would be interesting, how does it work? Can we replicate it in some
> way?
>
>
Th
Hi Aurelien,
> Yeah, but there is no API in IPA to do that (we did consider it when
> writing the code).
> I've been working on this issue yesterday, trying to find a
> workaround, but my tests didn't give something usable. I've asked the
> FreeIPA folks on IRC and they had no solution (but they h
> > * Could we require someone enter their password + token before accepting
> > the token? ie, they try and enroll, ipa adds it, they have to verify, if
> > they can't, it's removed?
>
> This is _very_ common in other implementations.
Yeah, but there is no API in IPA to do that (we did consider i
On Thu, Apr 08, 2021 at 12:41:43PM -0700, Kevin Fenzi wrote:
> so tons of people are playing around with them. A number of folks are
> not able to properly save their token, or run into problems adding it
> and need to have that token removed so they can try again. Many of these
> are new users tha
Greetings.
FAS2 (The old account system) supported 2fa tokens, but they were not in
the main interface, you had to go and find a infra sop and go to the
right place or run the right command line tool. This was fine as the
only thing we were using them for was sudo (so only sysadmins were
affected
14 matches
Mail list logo
