Hi,
I have been working on an article to describe what we are doing in
the FreeIPA and SSSD world with authentication against various identity
providers. Fedora developers also actively discussed what to do with
inactive maintainers and this is where we crossed over: it only took a few
rounds to realise that improving the security of a logon to Fedora accounts
is not an easy thing, sometimes there are social burdens on top of a
more general lack of resources or a need to write a bunch of code to
achieve a technical feasibility at all.
Long story short, there are now two articles, in a perfect XKCD style:
Part 1, where I am talking about Fedora infrastructure aspects:
https://vda.li/en/posts/2022/10/28/FreeIPA-Authentication-Improvements-an...
Part 2, where FreeIPA-specific improvements and details are discussed:
https://vda.li/en/posts/2022/10/28/FreeIPA-Authentication-Improvements-an...
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland