2024-08-08 –, Lenovo (Breakout 1)
When using FreeIPA with Fedora 37 or later, one can login with the help of external identity providers using OAuth2 device authorization flow. With Fedora 39 a support for passkeys (FIDO2 tokens) was added. Yet, this did not work well for a login to a GNOME session.
This talk is a report on our progress in expanding use of passwordless methods in Fedora. GNOME login integration is improving and will get better usability for OAuth2 authentication. At the same time, support for standalone passwordless experience, without using FreeIPA will soon be possible as well, opening a way to use the same improved security features for a default Fedora workstations and servers.
Sr. Principal Software Engineer at Red Hat, working on security and identity management. Actively participates in FreeIPA, SSSD, Samba, and many other free software projects targeting an open source enterprise environments.