On Wed, 2026-07-01 at 06:13 -0400, Neal Gompa wrote: > I mean, this one is mostly the fault of FreeIPA. It isn't designed for > community projects, and shoehorning it into Fedora has resulted in > this flaw. It won't be fixed because no corporate customer of IdM > needs it, since the model works for business deployments. > > It isn't going to get fixed because IdM doesn't consider Fedora an > important customer/stakeholder/etc for feature development.
I don't think this is accurate at all. AFAIK FreeIPA has all the 2FA support we could ever use - it supports far more sophisticated setups than we've ever even tried. Alexander gives talks about this stuff constantly. AFAIK the issues are rather with Ipsilon being ancient and unmaintained, and integration into trickier workflows like fedpkg (since most 2FA things tend to assume you're in a web browser), none of which FreeIPA can do anything about. -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @[email protected] https://www.happyassassin.net -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
