#158 [Talk-50] State of authentication and identity management in Fedora
Opened 8 months ago by abbra. Modified 7 months ago

Q1. What is your proposal?

State of authentication and identity management in Fedora

Fedora Project is often seen as a leading test bed for identity management, thanks to its close relationship with FreeIPA, SSSD, and other projects. However, we rarely talk about goals and use cases these projects are trying to solve within Fedora distributions' context. Changes happen almost in every Fedora release: authconfig replaced by authselect, SSSD providing a new Kerberos credentials cache storage, smartcards support being added and a multitude of other changes came in with FreeIPA or Samba refreshes. Still, use of new features is somewhat limited by a relative complexity of detecting and setting up actual environments.

With the addition of Fedora Silverblue, many classic desktop integration methods that are backed by FreeIPA, Samba and SSSD tools would need to be re-thought to fit immutable containerised environments.

There is also an industry-wide effort to reduce use of insecure versions of various network protocols. While there is a good progress with protocols like TLS and common security policies, ease of use for desktop users directly clashes with these activities and we need to look into how both user experience and security could be improved.

The talk is going to provide a Fedora-wide overview of the work being done by multiple teams to improve identity and authentication packaging infrastructure within Fedora projects, how individual components play together and what to expect in future.

Q2. Who in addition to the speaker needs to be in the room for this to succeed? This could be the audience you need to reach, other participants in the conversation, or other stakeholders.

  • Fedora users and system administrators
  • Silverblue developers (rishi)
  • Fedora QE (adamw)
  • Fedora Server (sgallagh)

Q3. Is this a…

  • 50 minutes: Talk

Q4. Anything else we need to know?

standard talk setup is enough

Q5. Who are you?

  • Name: Alexander Bokovoy
  • FAS ID: abbra
  • IRC Nick, if not FAS ID: ab

This would be very useful (and a great breakout from the State of the Fedora Server, where we usually mention wanting to do more in this space but don't always have time for it in that session).

Metadata Update from @mattdm:
- Issue assigned to mattdm

7 months ago

Metadata Update from @mattdm:
- Issue marked as blocking: #223
- Issue tagged with: Talk Accepted

7 months ago

Login to comment on this ticket.

Metadata