yahoo-eng-team team mailing list archive

[Bug 1245913] Re: register with an Identity Provider based on one time password

 

Tracked in Github Issues as
https://github.com/canonical/cloud-init/issues/2406

** Bug watch added: github.com/canonical/cloud-init/issues #2406
   https://github.com/canonical/cloud-init/issues/2406

** Changed in: cloud-init
       Status: Triaged => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1245913

Title:
  register with an Identity Provider based on one time password

Status in cloud-init:
  Expired

Bug description:
  When launching a virtual machine, the baseline access method used by
  most infrastructure is to copy a public key onto the vm in a known
  location.  This has several shortcomings:

  1.  Keys have no expiration or revocation
  2.  Keys are specific to a user, providing no way to perform group operations

  A preferred approach is to register the machine with a centralized
  authentication source, such as FreeIPA.

  While it is possible to perform the registration in two steps, there
  is a naming issue involved that makes it difficult to perform.

  Instead, we want to be able to specify a new key for a one time
  password, or OTP.  For FreeIPA, the goal is to do something like

  ipa-client-install  ${otp}

  during the cloud-init process, without taking over all of cloud-init.

  This bug is for the feature.  We will continue to drive the design in
  the comments.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1245913/+subscriptions