why no mfa? (#73324)
Co-authored-by: Sandra McCann <samccann@redhat.com> Co-authored-by: Rick Elrod <rick@elrod.me>
This commit is contained in:
parent
e6da544310
commit
dec443e3a5
|
@ -739,6 +739,21 @@ fails if the remote filename requires quotes to escape spaces or non-ascii chara
|
|||
|
||||
.. note:: If you see an ``invalid argument`` error when using ``-T``, then your SCP client is not performing filename validation and will not trigger this error.
|
||||
|
||||
.. _mfa_support:
|
||||
|
||||
Does Ansible support multiple factor authentication 2FA/MFA/biometrics/finterprint/usbkey/OTP/...
|
||||
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
|
||||
No, Ansible is designed to execute multiple tasks against multiple targets, minimizing user interaction.
|
||||
As with most automation tools, it is not compatible with interactive security systems designed to handle human interaction.
|
||||
Most of these systems require a secondary prompt per target, which prevents scaling to thousands of targets. They also
|
||||
tend to have very short expiration periods so it requires frequent reauthorization, also an issue with many hosts and/or
|
||||
a long set of tasks.
|
||||
|
||||
In such environments we recommend securing around Ansible's execution but still allowing it to use an 'automation user' that does not require such measures.
|
||||
This is something that Tower/AWX excels at by allowing administrators to set up RBAC access to inventory, along with managing credentials and job execution.
|
||||
|
||||
|
||||
.. _docs_contributions:
|
||||
|
||||
How do I submit a change to the documentation?
|
||||
|
|
Loading…
Reference in a new issue