New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Hardware Key PIN #31743
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Joerger
changed the base branch from
joerger/refactor-hardware-key-mfa-verification
to
joerger/piv-pin-policy-base
September 12, 2023 01:36
Joerger
force-pushed
the
joerger/piv-pin-policy
branch
2 times, most recently
from
September 15, 2023 02:17
4a5c870
to
e9775e2
Compare
github-actions
bot
added
rfd
Request for Discussion
size/md
tsh
tsh - Teleport's command line tool for logging into nodes running Teleport.
labels
Sep 15, 2023
Joerger
force-pushed
the
joerger/piv-pin-policy
branch
4 times, most recently
from
September 15, 2023 21:05
56efe16
to
0b7b62a
Compare
Joerger
force-pushed
the
joerger/piv-pin-policy-base
branch
from
September 20, 2023 00:54
3e3d458
to
3504aa1
Compare
Joerger
force-pushed
the
joerger/piv-pin-policy
branch
2 times, most recently
from
September 20, 2023 01:28
32f914a
to
157792b
Compare
Joerger
force-pushed
the
joerger/piv-pin-policy-base
branch
from
September 20, 2023 23:46
7aeaa0d
to
43eb67e
Compare
Joerger
force-pushed
the
joerger/piv-pin-policy
branch
2 times, most recently
from
September 21, 2023 00:01
e11026a
to
157a6f7
Compare
This was referenced Sep 21, 2023
Joerger
force-pushed
the
joerger/piv-pin-policy
branch
from
September 27, 2023 19:58
157a6f7
to
28273c3
Compare
Joerger
requested review from
klizhentas,
russjones and
zmb3
as code owners
September 27, 2023 19:58
Joerger
changed the base branch from
joerger/piv-pin-policy-base
to
joerger/custom-piv-slot
September 27, 2023 19:58
Joerger
force-pushed
the
joerger/piv-pin-policy
branch
from
October 13, 2023 18:15
608b436
to
1e41ef0
Compare
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Oct 13, 2023
Joerger
added a commit
that referenced
this pull request
Oct 13, 2023
Joerger
added a commit
that referenced
this pull request
Oct 13, 2023
Joerger
added a commit
that referenced
this pull request
Oct 14, 2023
Joerger
added a commit
that referenced
this pull request
Oct 14, 2023
Joerger
added a commit
that referenced
this pull request
Oct 16, 2023
Joerger
added a commit
that referenced
this pull request
Oct 16, 2023
smallinsky
pushed a commit
that referenced
this pull request
Oct 17, 2023
* Update RFD with hardware key pin policies. * Consolidate policy logic and update tests. * Add pin private key policies; Make PIV PIN/Touch prompts work together. * Prompt user to set pin/puk from default. * Handle unexpected PIN auth errors. * Resolve RFD password prompt comment. * Handle incompatible private key policy in role sets (future-proof). * Resolve comment on require mfa type string godocs and tests. * A satisfying change. * Address PIN/PUK prompt comments and other code suggestions. * Resolve comments. * Fix test that prompts for pin twice. * Fix test.
smallinsky
pushed a commit
that referenced
this pull request
Oct 17, 2023
* Update RFD with hardware key pin policies. * Consolidate policy logic and update tests. * Add pin private key policies; Make PIV PIN/Touch prompts work together. * Prompt user to set pin/puk from default. * Handle unexpected PIN auth errors. * Resolve RFD password prompt comment. * Handle incompatible private key policy in role sets (future-proof). * Resolve comment on require mfa type string godocs and tests. * A satisfying change. * Address PIN/PUK prompt comments and other code suggestions. * Resolve comments. * Fix test that prompts for pin twice. * Fix test.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I recommend reviewing commit by commit.
Changes:
hardware_key_pin
andhardware_key_touch
. Like the existinghardware_key_touch
, these types count as a replacement for MFA verification for per-session MFA and admin actions MFA.Based off of #32275