2012-11-28

Fedora Activity Day Summary

The previous reports on the Fedora Infrastructure Security FAD have been very very light on details as I have been wanting to summarize them separately from the events themselves.

Two Factor Authentication tries to hamper problems with passwords being stolen by requiring a person using a service to have a second "factor" which should increase the probability that the item trying to authenticate is actually that item.

Over the last 4+ years, Fedora Infrastructure has been wanting to implement two factor authorization to increase security. I believe Mike McGrath and some others began looking at Yubikey in 2009 or 2010. Parts were implemented into the Fedora Account System by that years FUDcon, but other fires began to take over and it was put off til the next year to fully implement. Other parts were worked on and a couple of different ways to implement were looked and or tested at one point another. However, every time these were ready to be fully implemented, other items took precedence and eventually the two factor would be put on a back-burner til "next year". This year, Kevin Fenzi made sure this would not happen again by getting the people needed to accomplish the goal into one location for a dedicated couple of days. It was decided that it needed to be a FAD versus FUDcon as we had found at previous FUDcons that sysadmins time gets pulled into various other meetings needing to know if X or Y or Z can be done with what hardware Fedora has available.

By getting everyone in Raleigh, the group has been able to get the infrastructure together, fix various bugs in pam_url, and have a solution we can roll out into production for 2 factor sudo access in the next couple of days.

No comments: