[rancid] OTP/2-factor authentication
Hank Kilmer
hank at kilmer.org
Wed Feb 21 21:41:21 UTC 2018
'heasley' wrote:
> Wed, Feb 21, 2018 at 08:27:14PM +0000, Wayne Eisenberg:
>> I believe you are correct. It happens when certain people insist on a policy that requires the only way to connect is via 2-factor and don't make any accommodation for things like this or the need to be able to script a large rollout of a change, etc.
>>
>> Thanks.
>
> ie: management
>
> a thought is that an oauth2-like system might work - but thats just another
> form of password expiration.
I've seen companies get around some of this by requiring the 2-factor to
get into a bastion host where the scripts are run from (and/or rancid).
Not ideal but a work-around.
More information about the Rancid-discuss
mailing list