|
|
Subscribe / Log in / New account

2FA KRB5 open source solutions for larger organization (20k+ students and staff)

2FA KRB5 open source solutions for larger organization (20k+ students and staff)

Posted Mar 30, 2025 15:16 UTC (Sun) by mathstuf (subscriber, #69389)
In reply to: 2FA KRB5 open source solutions for larger organization (20k+ students and staff) by ppisa
Parent article: Lessons from open source in the Mexican government

Fedora uses 2FA with Kerberos (at least I need my TOTP key when getting a new ticket). I can't imagine it is backed by MS ADS, but it doesn't seem like a *Kerberos* deficiency.

to post comments

2FA KRB5 open source solutions for larger organization (20k+ students and staff)

Posted Apr 3, 2025 11:08 UTC (Thu) by cortana (subscriber, #24596) [Link] (1 responses)

This is probably using FreeIPA on the directory side; a smart card, TOTP or U2F token can be associated with a user account, and the directory can be configured to require its use to hand out a TGT. Unfortunately if you rely on AD Domain Services for your identity store, you also rely on it for Kerberos and you're very limited by what it's able to do regarding MFA. If your organization moves away from AD Domain Services towards pure-cloud MS Entra then you're screwed...

2FA KRB5 open source solutions for larger organization (20k+ students and staff)

Posted Apr 3, 2025 18:25 UTC (Thu) by nirik (subscriber, #71) [Link]

Yes, fedora uses IPA on the backend...


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds