-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multi-Factor Authentication #24
Comments
Picking your brain on this to get the discussion started. Eventually, would we want the config to be able to look something like
? |
Not really. MFA shouldn't be a separate configuration nor is it a different authentication provider. It's a multi-step authentication. I recommend you should first run the server, experiment with its config, the structure, and how the code loads and matches the respective authentication provider. Don't worry about changing the config structure as long as the final structure makes sense and is future-proof. Ideally, the second factor is a TOTP. Check the TOTP PR for a sense of how TOTP is set up, what it requires, and think of how it could be retrofitted for MFA. |
The x/crypto/ssh library has recently added support for MFA (see golang/go#61447 and CL 516355). Supporting MFA requires a refactor of the current authentication implementation, so retrofitting might be tricky.
Brainstorming is welcome.
The text was updated successfully, but these errors were encountered: