Skip to content
YubiKey OTP validation server in PHP
PHP Groff Makefile Perl Shell
Latest commit a5f0d90 May 17, 2016 @jeanpaulgalea jeanpaulgalea Bump versions.
Failed to load latest commit information.
doc doc/Installation: Grant insert and update rights to ykval_verifier Feb 8, 2016
travis Fix failing tests. Aug 12, 2015
.gitignore ignore release artifacts Jun 12, 2012
.travis.yml add php 7.0 for travis Apr 29, 2016
AUTHORS Simplify license headers. Apr 23, 2010
BLURB Doc fix. Sep 24, 2014
COPYING Update copyright year. Jul 20, 2015
Makefile Bump versions. May 17, 2016
NEWS Bump versions. May 17, 2016
README Update README Oct 29, 2014
README.adoc symlinked README Oct 29, 2014
ykval-checksum-clients Refactor include paths. Sep 8, 2015
ykval-checksum-clients.1 Update copyright year. Jul 20, 2015
ykval-checksum-deactivated Refactor include paths. Sep 8, 2015
ykval-checksum-deactivated.1 Update copyright year. Jul 20, 2015
ykval-common.php make getHttpVal() take the array to extract from Apr 29, 2016
ykval-config.php Add sl and timeout to request log variables. Apr 18, 2016
ykval-db-oci.php Update copyright year. Jul 20, 2015
ykval-db-pdo.php Refactor. Aug 18, 2015
ykval-db.oracle.sql Remove trailing whitespace. Jul 15, 2015
ykval-db.php Update copyright year. Jul 20, 2015
ykval-db.sql raise nonce limit to 40 chars as that's what we say in the documentation May 8, 2012
ykval-export Refactor include paths. Sep 8, 2015
ykval-export-clients Refactor include paths. Sep 8, 2015
ykval-export-clients.1 Update copyright year. Jul 20, 2015
ykval-export.1 Update copyright year. Jul 20, 2015
ykval-gen-clients Refactor include paths. Sep 8, 2015
ykval-gen-clients.1 Update copyright year. Jul 20, 2015
ykval-import Refactor include paths. Sep 8, 2015
ykval-import-clients Refactor include paths. Sep 8, 2015
ykval-import-clients.1 Update copyright year. Jul 20, 2015
ykval-import.1 Update copyright year. Jul 20, 2015
ykval-log-verify.php Fix issue with $baseParam value. Apr 18, 2016
ykval-log.php Add a verify request log line. Apr 18, 2016
ykval-munin-ksmlatency.php Rewrite ykval-munin-ksmlatency plugin. Sep 8, 2015
ykval-munin-ksmresponses.pl Update copyright year. Jul 20, 2015
ykval-munin-queuelength.php Refactor out function into library. Sep 8, 2015
ykval-munin-responses.pl Update copyright year. Jul 20, 2015
ykval-munin-vallatency.php Fix. Sep 9, 2015
ykval-munin-yubikeystats.php Refactor include paths. Sep 8, 2015
ykval-nagios-queuelength.1 Use TLS for man page www.yubico.com links. Jul 20, 2015
ykval-nagios-queuelength.php Refactor include paths. Sep 8, 2015
ykval-ping.php Update copyright year. Jul 20, 2015
ykval-queue Refactor include paths. Sep 8, 2015
ykval-queue.1 Update copyright year. Jul 20, 2015
ykval-resync.php Update copyright year. Jul 20, 2015
ykval-revoke.php Update copyright year. Jul 20, 2015
ykval-sync.php make getHttpVal() take the array to extract from Apr 29, 2016
ykval-synchronize Update copyright year. Jul 20, 2015
ykval-synchronize.1 Update copyright year. Jul 20, 2015
ykval-synclib.php use strtok() instead of explode() since we only care about first element Apr 29, 2016
ykval-verify.php Refactor. May 17, 2016

README.adoc

YubiKey OTP Validation Server

The YubiKey Validation Server (YK-VAL) is a server that validates Yubikey One-Time Passwords (OTPs). YK-VAL is written in PHP, for use behind web servers such as Apache.

General

The server implements the Yubico API protocol as defined in doc/ValidationProtocol* and further documentation is also available in the doc/ subdirectory.

This server talks to a KSM service for decrypting the OTPs, to avoid storing any AES keys on the validation server. One implementation of this service is the YubiKey-KSM, and another implementation using the YubiHSM hardware is PyHSM.

Note that version 1.x is a minimal centralized server. Version 2.x is a replicated system that uses multiple machines.

License

The project is licensed under a BSD license. See the file COPYING for exact wording. For any copyright year range specified as YYYY-ZZZZ in this package note that the range specifies every single year in that closed interval.

Something went wrong with that request. Please try again.