Originally published at: Introducing the new Fedora Accounts – Fedora Community Blog
Every Fedora contributor is familiar with FAS (the Fedora Account System), and has used it to create and manage their Fedora Contributor Account. The current “FAS2” system was first deployed in 2008, and has managed Fedora users and groups for over 13 years.
The FAS2 software, however, is showing it’s age. It has proved increasingly hard for the Fedora Infrastructure team to support and maintain.
Enter Fedora Accounts
Fedora Accounts is the new place for creating and maintaining your Fedora contributor account. When it goes live in the end of March 2021, it will be available at accounts.fedoraproject.org.
You can test out the new system today on the staging instance, which is available at admin.stg.fedoraproject.org/accounts.
A whole new system
It is important to note that the new Fedora Accounts is not just a new user interface on the old FAS2 system. Fedora Accounts uses FreeIPA on the backend, with the new custom freeipa-fas plugin applied to add extra functionality for Fedora Accounts.
The new web frontend is powered by a new piece of software named Noggin, which provides a tailored UI for creating and managing your Fedora contributor account, and interfaces directly with the FreeIPA backend.
Changes from FAS2
As Fedora Accounts is an entirely new system, there are some changes in how users interact with the system.
FAS2 had group administrators that gave permissions to those users to add new administrators, add new group members, and edit the finer details of the group.
The new FreeIPA-based Fedora Accounts replaces group administrators with Sponsors who have permissions to just add new group members.
Changing Group Details
Changes to group details (like group description or contact information), or changes to the sponsors of a group are no longer self-service, and require filing a fedora-infra request.
Note for current Group Administrators in FAS2: Review your group’s details in FAS2 now and ensuring they are correct before the import into the new system. This will streamline the process and save you from filing a ticket later on.
Previously, FAS2 had the ability for users to apply for groups, and a group administrator needed to approve these requests. However, many groups have specific joining procedures involving interacting with the group via other channels (like email or IRC). In the new Fedora Accounts, a group sponsor adds new members to the group; there is no additional process required in the accounts system.
Note for current Group Administrators in FAS2: Review your group’s join process to omit the group application step. Instead, inform new contributors whom or where to contact to gain group membership.
Two-factor authentication with TOTP
The new system also provides the ability for all users to enable two-factor authentication on their Fedora contributor account using TOTP. This allows you to use an authentication application such as FreeOTP to generate a one-time password when logging in. The Fedora Accounts documentation contains more information on enabling this new feature.
Note: If you are a member of a Sysadmin group, you must enable two-factor authentication to retain membership.
Try out Fedora Accounts
The new Fedora Accounts is slated for production release by the end of March 2021. You can try it out now in staging at admin.stg.fedoraproject.org/accounts. Note that while your account from FAS will be imported into the staging instance, your password will not be. Use the Reset Password feature in the UI to reset your password on staging for testing it out.
Also for further reading, see the documentation already available on the Fedora Documentation site.