Using Fedora Accounts

How do I create a new account?

To create a new account, go to the home page (either for Fedora Accounts or CentOS accounts) choose the register tab, and fill out your basic details:

image

An email will be sent to your provided email address that includes a validation link, follow this link back to validate your email, then set your password:

image

After setting your password you will be logged into your new account automatically:

image

How do I add and use two-factor authentication?

Fedora Accounts / CentOS Accounts features the ability to configure and user two-factor authentication through the user of OTP tokens. by default, the system generates Time-based One-time Password (TOTP) tokens, which can be used with authentication apps such as FreeOTP.

To create an OTP token, go to the OTP tab in the user settings, and click the Add OTP Token button:

image

Next, add a name for the token and provide your password again. Something descriptive like the name of the app you are adding the token to might prove useful it you decide to add more tokens later:

image

Your token is now created. Using your chosen authenticator application, scan the QR code and add it to your app.

image

Next time you log in, you will need to enter in your password followed by the 6 digit OTP code generated by your chosen authenticator app.

How do I get a kerberos ticket if I have two-factor authentication enabled?

When two-factor authentication is enabled on an account (i.e. at least one OTP token is defined in your account), additional configuration is required to get a kerberos ticket with kinit. Running kinit without this configuration will result in the following error:

kinit: Pre-authentication failed: Invalid argument while getting initial credentials

To configure your system to get a kerberos ticket for an account with two-factor authentication enabled:

1. Install / Update fedora-packager

Install / Update the fedora-packager package from the Fedora repositories:

sudo dnf install fedora-packager

If you have previously installed fedora-packager, ensure you update it to the most recent version (fedora-packager-0.6.0.5-1) or later. The newest version contains updates to ensure this procedure works with Fedora Accounts, and adds krb5-pkinit as a new dependency of fedora-packager

fedora-packager provides a range of tools for fedora packagers and contributors. It also provides krb5 configurations (in /etc/krb5.conf.d/) for connecting to the FEDORAPROJECT.ORG realm.

2. initialize the Credentials Cache

Run the following command to initialize the credentials cache. Note that this command creates the armor.ccache file that you will need to point to whenever you request a new kerberos ticket

kinit -n @FEDORAPROJECT.ORG -c FILE:armor.ccache

Note that this command should not prompt you for a password. If this command returns Password for WELLKNOWN/ANONYMOUS@FEDORAPROJECT.ORG: please double-check that fedora-packager is updated to the most recent version (fedora-packager-0.6.0.5-1) or later.

3. Request the kerberos ticket

This step is what you will need to complete from now on whenever you request a Kerberos ticket

Finally, request the kerberos ticket with the following command:

kinit -T FILE:armor.ccache <username>@FEDORAPROJECT.ORG

You will be presented with the following prompt, be sure to Enter your password first, followed by the OTP Token Value:

Enter OTP Token Value:

Even though the prompt states to enter the OTP token value, authentication will fail unless you enter your password, followed by the OTP token value

How do I become a member of a group?

Group Sponsors have the ability to add new members to the group. A group should provide the information required to request access to the group, otherwise contact a group sponsor directly.

Previously, In FAS2, a user could request access to a group, which a group admininstrator could either approve or deny. Now, users are simply added to the group by a sponsor after requesting access through other channels for that group, such as email or IRC.

How do I stop being a member of a group?

As a group member, you can choose to leave a group at anytime. Press the leave group button on the group detail page:

image

If you are the sponsor of a group, you can simply remove yourself from the group, as you would remove any other user.

What is a group sponsor?

Groups have users with a special sponsor privilege. If a user is a sponsor of a group, they are able to add and remove group members. The sponsors of a group are listed above the group members.

image

Previously in FAS2, groups had special admininstrator users that had the ability to add both new members and new admininstrators to a group. Now, groups have Sponsors which have the ability to add new members to a group.

How do I become a sponsor of a group?

Becoming a sponsor of a group is a special process that is completed by the Fedora Infra team. To apply for sponsor status of a group, file a ticket in the fedora infrastructure ticket tracker: https://pagure.io/fedora-infrastructure/new_issue

How do I stop being a sponsor of a group?

Stopping being a sponsor of a group is a special process that is completed by the Fedora Infra team. To remove your sponsor status of a group, file a ticket in the fedora infrastructure ticket tracker: https://pagure.io/fedora-infrastructure/new_issue

As a group sponsor, how do I add members to the group?

Add new members to a group in the group detail page. If you are the sponsor of a group, a search bar is visible at the top of the user listing on the group detail page:

image

Simply search for the user that you want to add, and press enter to add them to the group:

image

As a group sponsor, how do I remove members from a group?

Remove members from a group in the group detail page. If you are the sponsor of a group, each of the users in the user listing have a trash icon button. Simply click this to remove this user from the group.

image