- Based on the auth.serial + the google authenticator reference implementation + yubikey demo php implementation. With this plugin you can authenticate users 4 different ways:
-
- The authentication method can be set up per users, so it is possible that someone authenticate with password, other user authenticate with YubiKey, and someone else authenticate with both YubiKey and Google Authenticator.
-
- Before the upgrade you have to disable serial_otp module. In the bootstrap_plugins.php replace the authentication driver from serial_otp to serial. You should leave the USERS_FILEPATH unchanged because its format compatible with serial auth plugin. After the modification the relevant part of bootsrap_plugins.php should look similar to this:
-- "AUTH_DRIVER" => array( - "NAME" => "serial", - "OPTIONS" => array( - "LOGIN_REDIRECT" => false, - "USERS_FILEPATH" => "AJXP_DATA_PATH/plugins/auth.serial_otp/users.ser", - "AUTOCREATE_AJXPUSER" => false, - "TRANSMIT_CLEAR_PASS" => true, - "YUBICO_SECRET_KEY" => "xxxxxxxxxxxxxxxxxxxxxxxxxxx", - "YUBICO_CLIENT_ID" => "1111" - ) - ), -+
With authfront.otp, you can cooperate with any backend auth like ldap, mysql...
+ +Based on the google authenticator reference implementation + yubikey demo php implementation. With this plugin you can authenticate users 4 different ways:
+- IMPORTANT: Users yubikey / Google Authenticator informations are NOT migrated during upgrade. You have to set up them again.
-- - (Theoretically possible to migrate the yubikey / GA informations too. But I have less than 10 users and migrating them by hand was much less effort than writing a migration code)
--
-
- You need to install php-yubico from http://code.google.com/p/php-yubico/
-
- wget http://php-yubico.googlecode.com/files/Auth_Yubico-2.4.tgz + +The authentication method can be set up per users, so it is possible that someone authenticate with password, other user authenticate with YubiKey, and someone else authenticate with both YubiKey and Google Authenticator.
+ +
+Installation yubico package
+ +You need to install php-yubico from http://code.google.com/p/php-yubico/
+ ++wget http://php-yubico.googlecode.com/files/Auth_Yubico-2.4.tgz pear install Auth_Yubico-2.4.tgz--
-
- Do not forget to install or enable php-curl for Auth_Yubico.
+Do not forget to install or enable php-curl for Auth_Yubico.
- Instance Type: Serial One-time-password
-- Users: AJXP_DATA_PATH/plugins/auth.serial_otp/users.ser
-- Yubico Secret Key: your Yubico Secret Key generated at http://api.yubico.com/get-api-key/ or blank when you don't plan to use YubiKey
-- Yubico Client Id: your Yubico Client Id generated at http://api.yubico.com/get-api-key/ or blank when you don't plan to use YubiKey
-- Google Authenticator, Google Authenticator Last, YubiKey 1, YubiKey 2: leave them blank.
-- Transmit Clear Pass: Yes
-- Just for new auth.serial_otp users: copy all files and directories from data/auth.serial to data/auth.serial_otp
-- Try it: logout and login again with your password
--
-- Add the "Google Authenticator" and "Google Authenticator Last" fields to users. You can do it one by one, or you can add a group of users by adding it to a role. Adding it to all users use the Root Role:
-- Workspaces & Users >> Roles >> Root Role >> Parameters tab
+ +Enabled: Yes
+Order:default is 13 (don't change it)
+Protocol type: Sessions only
+Yubico secret KEY
+Yubico Client Id: your Yubico Client Id generated at http://api.yubico.com/get-api-key/ or blank when you don't plan to use YubiKey
+Modify login page: Yes (There is a line added into login page "* OTP enabled")
+in Users & Groups, select user to configuration
+ +In the tab bar: Account info ||| ACL ||| Actions ||| Parameters => select Parameters
+- Leave both parameter blank in All Workspaces tab.
-- Hint: Adding this parameters to all users does not means all users have to use GA. Leave this parameters blank in per user configuration and user can log in with his/her password or password + yubikey if the yubikey if it is enabled.
--
-- Add the "YubiKey 1" and "YubiKey 2" fields to users. You can do it one by one, or you can add a group of users by adding it to a role. Adding it to all users use the Root Role:
-- Workspaces & Users >> Roles >> Root Role >> Parameters tab
+ +then click Add parameter
+then click Add parameter
+ +In the same window, session "All workspaces"
+- Leave both parameter blank in All Workspaces tab.
-- Hint: Adding this parameters to all users does not means all users have to use yubikey. Leave this parameters blank in per user configuration and user can log in with his/her password or password + GA if the GA enabled.
--
-- You can set up per user configuration at Workspaces & Users >> Users & Groups >> <user> >> Parameters tab >> All Workspaces tab
-- Fill the Google Authenticator field with the Google Authenticator secret. It is a 16 charater long string, like P47IZDN4ZIXWLCCN
-
- !! DO NOT USE THE SAME SECRET AS YOUR GOOGLE ACCOUNT !!
-
- Don't touch the "Google Authenticator Last" field, it is updating automatically. It is used internally for the defense against replay attack.
- Use your in the YubiKey 1 or the YubiKey 2 field. Maximum two YubiKeys can be assigned to one user.
+then click save
+ +!!! DO NOT USE THE SAME SECRET AS YOUR GOOGLE ACCOUNT !!
+ +Use your in the YubiKey 1 or the YubiKey 2 field. Maximum two YubiKeys can be assigned to one user.