Re: Debian two-factor auth, GSoC?
On 04/12/2013 01:58 PM, Daniel Pocock wrote:
> There was never any suggestion to make something mandatory, I actually
> agree with those concerns
> Given the nature of Debian, it would be a personalised solution
> So, if a DD regularly accesses Debian infrastructure from a PC that he
> does not control (e.g. a work PC) he can choose to use TOTP instead of a
> password. A DD who always uses a personal laptop may prefer to use an
> ssh key. It is all about choice.
> With the right tools, DDs would have these choices each time they log
> in, or any one person can choose to make *OTP mandatory for their own login.
> So any potential GSoC project may involve making tools that allow DDs to
> set this up, the way they want, quickly - but only if they want it.
This seems to be a very sensible approach indeed.
P.S: Please don't CC me, I'm registered to the list.