2022-03-03T12:24:17  <gevreeen> all right. I wonder whether {open,}suse have any plan for 2fa rollout? and if I'm to take the burden of implementing and upstreaming, would you accept a non-standard totp implementation which takes 80 base64 chars as output (with hkdf/sha512 with a much longer secret string alongside an option to make this the primary 1fa)?
2022-03-03T12:28:04  <LCP0968[m]> I was hoping we would have been using freeipa based system which would have included 2fa
2022-03-03T12:30:35  <gevreeen> ok. so you are after std totp (probably for the convenience of a phone app)
2022-03-03T12:30:56  <LCP0968[m]> honestly doesn't really matter
2022-03-03T12:31:08  <LCP0968[m]> that would be easier for our users for sure
2022-03-03T12:31:44  <LCP0968[m]> and accessibility of security is like half of the important part in a system being actually secure, you  know
2022-03-03T12:32:35  <gevreeen> (and yet never saw github/gitlab/launchpad/redhat/etc actually forcing cert-based TLS mutual authentication on systems as critical as developer accounts)
2022-03-03T12:33:10  <gevreeen> (if folks do really care about systems being actually secure)
2022-03-03T12:34:19  <LCP0968[m]> you can't really beat the simplicity of ssh keys >:D
2022-03-03T12:34:22  <gevreeen> (while I do have this very thing set up on my home router . . .)
2022-03-03T12:37:32  <gevreeen> . . . maybe then we should just do secure login the way git does, bloody pipe it over ssh, except this time being some socks5 proxy over ssh which only allows a limited set of domains, if you are really after solutions in the style of ssh
2022-03-03T12:39:05  <gevreeen> anyway, this is going nowhere. sorry for bothering you.
2022-03-03T12:40:17  <LCP0968[m]> feel free to suggest this on admin@opensuse.org, but I suspect it would get nowhere fast
2022-03-03T12:40:23  <LCP0968[m]> it doesn't hurt to try though
2022-03-03T16:02:42  <henne> ory.sh!
2022-03-03T16:03:23  <henne> darix- has packages even 🙂 
2022-03-03T16:03:48  <henne> I've been pushing internally a bit. but to no avail, yet
2022-03-03T17:11:33  <LCP0968[m]> not familiar with ory.sh tbh
2022-03-03T17:13:10  <LCP0968[m]> I wanted to have us use freeipa and noggin mostly because it does have the features that make it easier to do membership management for the membership officials
2022-03-03T17:13:24  <LCP0968[m]> since freeipa can also manage email aliases
2022-03-03T17:13:30  <LCP0968[m]> and groups
2022-03-03T17:19:14  <LCP0968[m]> plus, you know, noggin is written for open source communities, not just is open source
2022-03-03T17:19:58  <LCP0968[m]> meaning it does provide much more of a great experience for the community members and isn't focused on just the core authentication stuff
2022-03-03T17:20:24  <LCP0968[m]> which is great considering we could use something like connect that isn't woefully outdated and still lets us extend it to some extent
2022-03-03T17:20:51  <LCP0968[m]> which is honestly a huge gripe I have with the current system too
2022-03-03T21:12:04  *** Outrunner[m] is now known as Outrunner2031[m]