lemonldap-ng/doc/pages/documentation/1.4/authyubikey.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
 lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">




<h1><a name="yubikey" id="yubikey">Yubikey</a></h1>
<div class="level1">
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
	</tr>
	<tr class="row1 rowodd">
		<td class="col0 centeralign">  ✔  </td><td class="col1"> </td><td class="col2"> </td>
	</tr>
</table>

</div>
<!-- SECTION "Yubikey" [1-75] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">

<p>

The <a href="http://www.yubico.com/yubikey" class="urlextern" title="http://www.yubico.com/yubikey"  rel="nofollow">Yubikey</a> is a small material token shipped by <a href="http://www.yubico.com" class="urlextern" title="http://www.yubico.com"  rel="nofollow">Yubico</a>. It sends an OTP, which is validated against Yubico server.
</p>

<p>
 You need <a href="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" class="urlextern" title="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/"  rel="nofollow">Auth::Yubikey_WebClient</a> package.
</p>

<p>
You need to get an client ID and a secret key from Yubico. See <a href="https://upgrade.yubico.com/getapikey/" class="urlextern" title="https://upgrade.yubico.com/getapikey/"  rel="nofollow">Yubico API</a> page.
</p>

</div>
<!-- SECTION "Presentation" [76-504] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">

<p>

In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Yubikey for authentication module.
</p>

<p>
<p><div class="notetip">You can then choose any other module for users and password.
</div></p>
</p>

<p>
Then, go in <code>Yubikey parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Application Programming Interface">API</acronym> client ID</strong>: <acronym title="Application Programming Interface">API</acronym> client ID from Yubico</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Application Programming Interface">API</acronym> secret key</strong>: <acronym title="Application Programming Interface">API</acronym> secret key from Yubico</div>
</li>
<li class="level1"><div class="li"> <strong>OTP public ID part size</strong>: Part of Yubikey OTP that will be used as the media identifier (default: 12)</div>
</li>
</ul>

<p>

<p><div class="notetip">You have to register the media identifer in your user backend (<acronym title="Lightweight Directory Access Protocol">LDAP</acronym> or <acronym title="Structured Query Language">SQL</acronym>) to match the yubikey with a real user. For example it can be stored as a second value of the uid attribute in the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> directory:
</p>
<ul>
<li class="level1"><div class="li"> uid: coudot</div>
</li>
<li class="level1"><div class="li"> uid: 123456789012 </div>
</li>
</ul>

<p>

</div></p>

</p>

</div>
<!-- SECTION "Configuration" [505-] --></div><!-- closes <div class="dokuwiki export">-->