SSSD 2.9.0 and FreeIPA 4.11.0 recently implemented a new feature, called passkey, to use FIDO2 authentication for centrally managed users. Fedora 39 already includes those versions, and thus, it’s the first distribution to enable FIDO2 authentication for centrally managed users.
The workflow to enable FIDO2 authentication is not difficult, but it contains several steps, and having a guide explaining how to do it would be useful. In addition, the article will help to spread the word about this feature.
Article Description:
Introduction to FIDO2, the benefits of its use and the exact versions that allow this type of authentication (SSSD 2.9.0, FreeIPA 4.11.0 and Fedora 39). Guide to enable FIDO2 authentication for a user and article wrap-up.
It would be really helpful if you could take a look at our Quick Docs article Using YubiKeys with Fedora. FIDO2 is just a part of it, but it would be advantageous if the information is coordinated or at least not contradictory.
I have read it, and that article explains how to use various protocols implemented by YubiKeys (i.e. OTP, PIV, FIDO2, etc.). The specific part that mentions FIDO2 refers to local user authentication, while the proposal in this article is for centrally managed users (i.e. LDAP). Therefore, the objective is different.
I don’t think there will be any contradiction. As far as coordination is concerned, it would be difficult because the previously mentioned documentation is about YubiKeys in general and my article proposal is for FIDO2 and centrally managed users. So, although it seems that there may be an overlap, the two will be complementary.
Please use comments on ticket #238 if you have questions or need to communicate with the editors about anything.
The overall workflow is described at this link as well as other helpful information.
When you have it ready to review in the Fedora Magazine WordPress site, please leave a comment in this ticket, with a preview link, and we will start the review process.
Thanks for volunteering to write for the Fedora Magazine!