Le jeudi 04 avril 2024 à 13:46 +0300, Andrei Borzenkov a écrit :
On Thu, Apr 4, 2024 at 12:16 PM Atri Bhattacharya
wrote: 2. Perhaps it is time to allow 2FA, and indeed make it mandatory, for packagers on build.o.o. 2FA is certainly not hack-proof, but it is better than the simple password based authentication we currently use. This will also cut down on spam comments, that have been slowly growing in number.
How will it interoperate with API (in particular, osc)?
Anyway, users are authenticated by the external identity provider so it is rather the question to IDP whether it can support 2FA.
It does. SUSE Internal Build Service (IBS) and IDP are already using 2FA, and osc supports it, either with TOTP or ssh keys. This is mostly a matter of enabling that part on openSUSE side (I'm not sure about the 2FA enrollment part, which might be specific to SUSE internal IT) but I'm no openSUSE Hero. -- Frederic CROZAT Enterprise Linux OS and Containers Architect SUSE