For centrally managed users on Fedora systems enrolled into Active Directory, FreeIPA, or LDAP, enable capability to log-in to desktop or a console terminal with a FIDO2-compatible device supported by the libfido2 library. For FreeIPA, additionally, once user has been authenticated with the FIDO2-compatible device, allow to issue a Kerberos ticket.
Note: for the purpose of this feature, passkey is a FIDO2 compatible device supported by the libfido2 library. If a hardware token implements other authentication mechanisms aside from FIDO2, these aren't considered by this feature.
Owners, do not implement this work until the FESCo vote has explicitly ended. The Fedora Program Manager will create a tracking bug in Bugzilla for this Change, which is your indication to proceed. See the FESCo ticket policy and the Changes policy for more information.
REMINDER: This ticket is for FESCo members to vote on the proposal. Further discussion should happen in the devel list thread linked above.
+1
Fixed the link in the first message in the ticket. 😜
For the record, I believe this passed the threshold for acceptance a few days ago. Marking it accepted.
Metadata Update from @sgallagh: - Issue tagged with: pending announcement
APPROVED (+6, 0, 0)
Announced.
Metadata Update from @zbyszek: - Issue untagged with: pending announcement - Issue close_status updated to: Accepted - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.