[rancid] OTP/2-factor authentication

Hank Kilmer hank at kilmer.org
Wed Feb 21 21:41:21 UTC 2018


'heasley' wrote:
> Wed, Feb 21, 2018 at 08:27:14PM +0000, Wayne Eisenberg:
>> I believe you are correct. It happens when certain people insist on a policy that requires the only way to connect is via 2-factor and don't make any accommodation for things like this or the need to be able to script a large rollout of a change, etc.
>>
>> Thanks.
> 
> ie: management
> 
> a thought is that an oauth2-like system might work - but thats just another
> form of password expiration.

I've seen companies get around some of this by requiring the 2-factor to
get into a bastion host where the scripts are run from (and/or rancid).
 Not ideal but a work-around.



More information about the Rancid-discuss mailing list