#73 Using Yubikeys with Fedora
Closed: Complete 8 years ago Opened 8 years ago by cialu.


I'm not a professional of the argument, so I apologize if I make some mistakes and if I'm wrong to do this alert.

I took a look at "Using Yubikeys with Fedora" page because I saw a Horcrux Fedora Badge for the activity "You burned a yubikey and linked it with your Fedora Account". After that I googled about the argument and I discovered that the Open Universal 2nd Factor (U2F) standard is now hosted by the FIDO Alliance and involved many manufacturers.

background analysis

Actually, it's seems to me that the "Using Yubikeys with Fedora" page is talk about only a manufacturer instead of talking about an open standard and about the devices that support this open standard.

implementation recommendation

I think it's better to change that page (and also the Fedora Badge) in a way like "Using Universal 2nd Factor (U2F) standard devices with Fedora" or "Using FIDO standard devices with Fedora". And make references to the open consortium instead that to a manufacturer in particular.

The badge you are speaking about, and the functionality with the Yubikey has nothing to do with U2F. It is a process of actually adding or "burning" a new key on the Yubikey that is outlined in https://fedoraproject.org/wiki/Infrastructure/Yubikey. This is used to auth for some parts of Fedora Infrastructure that require two factor auth.

Replying to [comment:2 zoglesby]:

The badge you are speaking about, and the functionality with the Yubikey has nothing to do with U2F. It is a process of actually adding or "burning" a new key on the Yubikey that is outlined in https://fedoraproject.org/wiki/Infrastructure/Yubikey. This is used to auth for some parts of Fedora Infrastructure that require two factor auth.

Yes, I mean that the two factor auth, for the parts of Fedora Infrastructure that require it, is specifically possible with Yubikey only. Maybe is better to make it possible also with open standard keys like U2F keys.

@cialu @zoglesby As of recently, there is a Fedora Magazine article coming up soon by @lmacken that details exactly how to use Yuibkeys on Fedora for 2FA. I think we could either update the wiki page with the information from his article or just add a notice at the top of the page directing visitors to the Fedora Magazine article.

@jflory7 @zoglesby Thumb up for the coming article by @lmacken that details exactly how to use Yuibkeys on Fedora for 2FA. I think it's useful to add a notice at the top of the wiki page directing visitors to the Fedora Magazine article. Anyway the ticket is about the possibility of burning not a Yubikey only for 2FA, but also generic U2F keys.

Should this be redirected to the infra group?

Yes, there is nothing CommOps can do about this.

Yes, there is nothing CommOps can do about this.

I guess I missed zoglesby's last comment, but there is actually an article on the Fedora Magazine for this now. So I'll mark the ticket as complete.

@jflory7 changed the status to Closed

8 years ago

Log in to comment on this ticket.
