django-yubikey-admin

This library enables two-factor authentication in the Django admin. It does so by adding an extra field for the YubiKey OTP to the default login page. It currently supports stock Django and django-grappelli.

Django 1.8

Unfortunately, support for Django 1.8 meant a breaking change with previous versions. In order to force this on ourselves, we've moved over to using email addresses for authentication.

Setup

  • pip install django-yubikey-admin

  • Add 'django_yubikey_admin' to your INSTALLED_APPS

  • Add django_yubikey_admin.auth_backends.YubikeyAuth to your AUTHENTICATION_BACKENDS, as in the example below.

    AUTHENTICATION_BACKENDS = ('django_yubikey_admin.auth_backends.YubikeyAuth', )

  • Set your YUBIKEY_CLIENT_ID (if you don't have one registered, it's 16)

  • Set your YUBIKEY_SECRET_KEY if applicable

Authentication Options

By default, this library validates your YubiKey against the Yubico servers. If you'd like to maintain a local store of valid YubiKeys, ensuring that a user can only log in if their YubiKey is known, then set the option below.

  • DJANGO_ADMIN_YUBIKEY_CACHE = True

If you do the above, then you can no longer rely on the Django superuser during your initial sync/migrate of the database. You'll need to create your users, and then add their YubiKeys in the Django admin.
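The check that a local key store makes possible, as an added example that is not this project's code: a Yubico OTP carries the key's public ID as a modhex prefix, so a login can be tied to keys enrolled for that account. The function names and the `registered_keys` mapping are hypothetical, and the sample values are constructed.

```python
import re

MODHEX = "cbdefghijklnrtuv"   # Yubico's keyboard-layout-safe hex alphabet
OTP_RE = re.compile(r"^[%s]{32,48}$" % MODHEX)
ENCRYPTED_LEN = 32            # last 32 modhex chars hold the 16-byte AES block


def public_id(otp):
    """Return the key's public ID (the OTP prefix), or None if malformed."""
    otp = otp.strip().lower()
    if not OTP_RE.match(otp):
        return None
    prefix = otp[:-ENCRYPTED_LEN]
    # An OTP without a public ID cannot be bound to a user.
    return prefix or None


def key_is_registered(email, otp, registered_keys):
    """True only if the OTP comes from a key enrolled for this account.

    registered_keys is a hypothetical mapping of email -> set of public IDs,
    standing in for whatever table holds the enrolled keys.
    """
    pid = public_id(otp)
    if pid is None:
        return False
    return pid in registered_keys.get(email.lower(), set())


# Constructed sample data, not real keys or OTPs.
STORE = {"alice@example.com": {"ccccccbcdefg"}}
ALICE_OTP = "ccccccbcdefg" + "hijklnrtuvcbdefghijklnrtuvcbdefg"
OTHER_OTP = "ccccccvutrnl" + "hijklnrtuvcbdefghijklnrtuvcbdefg"

if __name__ == "__main__":
    for otp in (ALICE_OTP, OTHER_OTP):
        ok = key_is_registered("alice@example.com", otp, STORE)
        print(public_id(otp), "accepted" if ok else "rejected")
```

The public ID is not secret, so this lookup complements OTP validation and never replaces it.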

How It Works

This library implements a custom authentication backend. The login form supports an extra OTP field for YubiKeys. After user authentication completes, the YubiKey authentication takes place. If it passes, access to the Django admin is granted; if it fails, the login is rejected.

Building

Core

License: MIT