This library enables two-factor authentication in the django-admin. It does that by adding an extra field to the default login page, for the yubikey OTP. Currently this supports stock django and django-grappelli.
Unfortunately, support for Django 1.8 meant a breaking change with previous versions. In order to force this on ourselves, we've moved over to using email addresses for authentication.
pip install django-yubikey-admin
Add 'django_yubikey_admin' to your INSTALLED_APPS
Add django_yubikey_admin.auth_backends.YubikeyAuth to your AUTHENTICATION_BACKENDS like the example below.
AUTHENTICATION_BACKENDS = ('django_yubikey_admin.auth_backends.YubikeyAuth', )
Set your YUBIKEY_CLIENT_ID (if you don't have one registered, it's 16)
Set your YUBIKEY_SECRET_KEY if applicable
By default, this library validates your yubikey against the yubico servers. If you'd like to maintain a local store of valid yubikeys, ensuring that a user can only log in if their yubikey is known, then set the option below.
- DJANGO_ADMIN_YUBIKEY_CACHE = True
If you do the above, then you can no longer rely on the django superuser during your initial sync/migrate of the database. You'll need to create your users, and then add their YubiKeys in the django admin.
How It Works
This library implements a custom authentication backend. The login form itself supports an extra OTP field, for yubikeys. After user authentication completes, the yubikey authentication takes place. If it passes, access to the django admin is granted; otherwise the login fails.
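The flow described above, together with the local-store option, as an added sketch that is not the library's own code. The function names, the dict-based key store and the `check_password` / `verify_otp` callables are assumptions standing in for Django's user model and the Yubico validation servers.

```python
import re

# A Yubico OTP is a modhex string: the last 32 characters are the one-time
# part, and whatever precedes them (12 characters by default) is the key's
# public ID.
MODHEX_OTP = re.compile(r"[cbdefghijklnrtuv]{32,48}")

# Constructed sample data (assumption): one enrolled key for one admin user.
KNOWN_KEYS = {"admin@example.com": {"ccccccbdefgh"}}
SAMPLE_OTP = "ccccccbdefgh" + "ijklnrtuvcbdefgh" * 2


def public_id(otp):
    """Return the public ID of a well-formed OTP, or None if it is malformed."""
    otp = otp.strip().lower()
    if not MODHEX_OTP.fullmatch(otp):
        return None
    return otp[:-32] or None


def admin_login(email, password, otp, check_password, verify_otp,
                known_keys=KNOWN_KEYS, use_local_store=True):
    """Hypothetical stand-in for the backend: password first, then the OTP.

    check_password(email, password) -> bool  stands in for Django's user check.
    verify_otp(otp) -> bool                  stands in for the Yubico servers.
    """
    if not check_password(email, password):
        return False
    key_id = public_id(otp)
    if key_id is None:
        return False
    # Local store on: a genuine OTP from a key not enrolled for this user is
    # rejected before any remote validation is attempted.
    if use_local_store and key_id not in known_keys.get(email, set()):
        return False
    return bool(verify_otp(otp))
```

With the local store off, any key the validation service accepts passes the second step, so the store is what ties a particular YubiKey to a particular account.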
- Python 2.6+ or Python 3.3+
- Django 1.7+