Fedora Infrastructure Security FAD: Day 1
First day of the FAD, and a very productive one indeed. 😉
First off got things pushed out to make Fedora 18 Beta release live in the morning and everyone happily downloading. Next we all met up in the hotel lobby and walked over to the Red Hat tower where we were provided some lovely meeting space by Red Hat.
We discussed policy and plans and then dived in to implemented. After a long day of puppet commits, packaging and debugging we had 2 factor auth working in our staging env! Tomorrow (and some more tonight) we are going to work on adding yubikey backend and work on the enrolling UI/cgi interface.
As a high level overview, we are using pam_url (now packaged and accepted in Fedora/EPEL) on client machines and totp-cgi (packaged and under review) as the server end. Then we are adding some code on to support yubikeys. Down the road we may well look at pulling totp-cgi functions into FAS directly, but we decided that we want to get things working now.
This has been a great group of folks to work with… dividing things up and getting things done. 😉