Arch Linux / infrastructure / Issue #112

Figure out how to handle Keycloak and 2FA resets

Resetting the password allows the user (or attacker) to add a new 2FA device without 2FA, which makes 2FA basically useless. We can fix the issue by disabling the Reset OTP element in the Reset Credentials flow (relevant doc), but it breaks Forgot Password for some (all?) users.

We also need to set a policy for 2FA reset. Is it just bad luck?

Relevant upstream issues:

  • https://issues.redhat.com/browse/KEYCLOAK-13134
  • https://issues.redhat.com/browse/KEYCLOAK-14640

Relevant meeting notes: https://gitlab.archlinux.org/archlinux/infrastructure/-/wikis/meetings/2020-09-05

Edited Sep 06, 2020 by Sven-Hendrik Haase
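The following is an added example, not code from this issue, from the Arch Linux infrastructure project or from Keycloak: an audit script that pulls the realm's "reset credentials" flow over the Keycloak admin REST API, flags any Reset OTP execution that is still active (the condition that lets the holder of a reset link enrol a fresh OTP device), and with `--fix` switches those executions to DISABLED, which is the mitigation the issue describes. It assumes the standard admin endpoints `/admin/realms/{realm}/authentication/flows/{alias}/executions` (GET and PUT) and the `admin-cli` password grant on the master realm; the environment variable names, the `KEYCLOAK_URL` base (with or without the `/auth` prefix depending on Keycloak version) and the `SAMPLE_EXECUTIONS` data are constructed for illustration and are not taken from the page.

```python
"""Audit (and optionally disable) the Reset OTP step of a Keycloak realm's
"reset credentials" flow. Added example; assumptions are noted inline."""
import json
import os
import sys
import urllib.parse
import urllib.request

FLOW_ALIAS = "reset credentials"   # built-in alias of the Reset Credentials flow
OTP_PROVIDER = "reset-otp"         # providerId of the "Reset OTP" execution

# Constructed sample of what GET .../flows/reset%20credentials/executions returns
# (shape of AuthenticationExecutionInfoRepresentation; ids are made up).
SAMPLE_EXECUTIONS = [
    {"id": "e1", "displayName": "Choose User", "providerId": "reset-credentials-choose-user",
     "requirement": "REQUIRED", "level": 0, "index": 0},
    {"id": "e2", "displayName": "Send Reset Email", "providerId": "reset-credential-email",
     "requirement": "REQUIRED", "level": 0, "index": 1},
    {"id": "e3", "displayName": "Reset Password", "providerId": "reset-password",
     "requirement": "REQUIRED", "level": 0, "index": 2},
    {"id": "e4", "displayName": "Reset OTP", "providerId": "reset-otp",
     "requirement": "REQUIRED", "level": 0, "index": 3},
]


def find_reset_otp(executions):
    """Executions that re-enrol OTP during a password reset. Matching on providerId
    (assumption) covers both a top-level Reset OTP step and one nested in a
    conditional sub-flow, as newer Keycloak versions lay the flow out."""
    return [e for e in executions if e.get("providerId") == OTP_PROVIDER]


def audit(executions):
    """Return (ok, findings); ok is False while any Reset OTP step is not DISABLED,
    i.e. while a reset link alone is enough to register a new 2FA device."""
    findings = [
        f"{e.get('displayName', OTP_PROVIDER)} ({e['id']}) is {e.get('requirement')}"
        for e in find_reset_otp(executions)
        if e.get("requirement") != "DISABLED"
    ]
    return (not findings, findings)


def disable_payloads(executions):
    """PUT bodies that switch every active Reset OTP execution to DISABLED."""
    return [{"id": e["id"], "requirement": "DISABLED"}
            for e in find_reset_otp(executions)
            if e.get("requirement") != "DISABLED"]


def _request(method, url, token=None, body=None, form=None):
    """Minimal JSON/form HTTP helper on the standard library (no network at import)."""
    data, headers = None, {}
    if form is not None:
        data = urllib.parse.urlencode(form).encode()
        headers["Content-Type"] = "application/x-www-form-urlencoded"
    elif body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    if token:
        headers["Authorization"] = f"Bearer {token}"
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def admin_token(base, user, password):
    """Password grant against the master realm with the admin-cli client."""
    tok = _request("POST", f"{base}/realms/master/protocol/openid-connect/token",
                   form={"grant_type": "password", "client_id": "admin-cli",
                         "username": user, "password": password})
    return tok["access_token"]


def main():
    base = os.environ["KEYCLOAK_URL"].rstrip("/")   # e.g. https://sso.example.org/auth
    realm = os.environ["KEYCLOAK_REALM"]
    token = admin_token(base, os.environ["KEYCLOAK_ADMIN"], os.environ["KEYCLOAK_ADMIN_PASSWORD"])
    url = (f"{base}/admin/realms/{realm}/authentication/flows/"
           f"{urllib.parse.quote(FLOW_ALIAS)}/executions")
    executions = _request("GET", url, token)
    ok, findings = audit(executions)
    for line in findings:
        print("FINDING:", line)
    if ok:
        print("Reset OTP is disabled in the reset credentials flow.")
        return 0
    if "--fix" in sys.argv:
        for payload in disable_payloads(executions):
            _request("PUT", url, token, body=payload)   # flow alias in URL, id+requirement in body
            print("disabled execution", payload["id"])
        return 0
    return 1


if __name__ == "__main__":
    sys.exit(main())
```

Run it against a realm (`KEYCLOAK_URL=... KEYCLOAK_REALM=... KEYCLOAK_ADMIN=... KEYCLOAK_ADMIN_PASSWORD=... python3 audit_reset_otp.py`) and it exits non-zero while the weakness is present; `--fix` applies the change. Note the caveat from the issue itself: with Reset OTP disabled, a user who has lost their OTP device cannot recover through Forgot Password, so the admin-side removal of that user's OTP credential becomes the only reset path and needs its own identity-verification policy.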