Using Fedora Accounts
An email will be sent to your provided email address that includes a validation link, follow this link back to validate your email, then set your password:
After setting your password you will be logged into your new account automatically:
Fill in your username:
Open the link from the reset email and enter your new password. If you have two-factor authentication enabled, include a One Time Password from your authenticator app:
If successful, you should see the following message:
Fedora Accounts / CentOS Accounts features the ability to configure and user two-factor authentication through the user of OTP tokens. by default, the system generates Time-based One-time Password (TOTP) tokens, which can be used with authentication apps such as FreeOTP (Android - Apple) or AuthenticatorPro (Android).
To create an OTP token, go to the OTP tab in the user settings, and click the Add OTP Token button:
Next, add a name for the token and provide your password again. Something descriptive like the name of the app you are adding the token to might prove useful it you decide to add more tokens later:
Your token is now created. Using your chosen authenticator application, scan the QR code and add it to your app.
Next time you log in, you will need to enter in your password followed by the 6 digit OTP code generated by your chosen authenticator app.
When two-factor authentication is enabled on an account (i.e. at least one OTP token is defined in your account), additional configuration is required to get a kerberos ticket with kinit. Running kinit without this configuration will result in the following error:
kinit: Pre-authentication failed: Invalid argument while getting initial credentials
To configure your system to get a kerberos ticket for an account with two-factor authentication enabled:
Install / Update the
fedora-packager package from the Fedora repositories:
sudo dnf install fedora-packager
If you have previously installed
fedora-packager provides a range of tools for fedora packagers and contributors. It also provides
krb5 configurations (in
/etc/krb5.conf.d/) for connecting to the FEDORAPROJECT.ORG realm.
Run the following command to initialize the credentials cache. Note that this
command creates the
armor.ccache file that you will need to point to whenever you
request a new kerberos ticket
kinit -n @FEDORAPROJECT.ORG -c FILE:armor.ccache
Note that this command should not prompt you for a password. If this command returns
Password for WELLKNOWN/ANONYMOUS@FEDORAPROJECT.ORG: please double-check that
fedora-packager is updated to the most recent version (
fedora-packager-0.6.0.5-1) or later.
This step is what you will need to complete from now on whenever you request a Kerberos ticket
Finally, request the kerberos ticket with the following command:
kinit -T FILE:armor.ccache <username>@FEDORAPROJECT.ORG
You will be presented with the following prompt, be sure to Enter your password first, followed by the OTP Token Value:
Enter OTP Token Value:
Even though the prompt states to enter the OTP token value, authentication will fail unless you enter your password, followed by the OTP token value
Group Sponsors have the ability to add new members to the group. A group should provide the information required to request access to the group, otherwise contact a group sponsor directly.
Previously, In FAS2, a user could request access to a group, which a group admininstrator could either approve or deny. Now, users are simply added to the group by a sponsor after requesting access through other channels for that group, such as email or IRC.
As a group member, you can choose to leave a group at anytime. Press the leave group button on the group detail page:
If you are the sponsor of a group, you can simply remove yourself from the group, as you would remove any other user.
Groups have users with a special sponsor privilege. If a user is a sponsor of a group, they are able to add and remove group members. The sponsors of a group are listed above the group members.
Previously in FAS2, groups had special admininstrator users that had the ability to add both new members and new admininstrators to a group. Now, groups have Sponsors which have the ability to add new members to a group.
Becoming a sponsor of a group is a special process that is completed by the Fedora Infra team. To apply for sponsor status of a group, file a ticket in the fedora infrastructure ticket tracker: https://pagure.io/fedora-infrastructure/new_issue
Stopping being a sponsor of a group is a special process that is completed by the Fedora Infra team. To remove your sponsor status of a group, file a ticket in the fedora infrastructure ticket tracker: https://pagure.io/fedora-infrastructure/new_issue
Add new members to a group in the group detail page. If you are the sponsor of a group, a search bar is visible at the top of the user listing on the group detail page:
Simply search for the user that you want to add, and press enter to add them to the group: