Skip to content

Yubikey authentification server using zeroMQ for message passing. Includes an authentication server, a PAM client, an Apache client and some tools

Notifications You must be signed in to change notification settings

asirinelli/yubikey_zmq

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Yubikey zmq server

Copyright (C) 2011-2017 Antoine Sirinelli <antoine@monte-stello.com>.

Licensed under the GPL (Version 2 or greater).

This set of programs have been written to allow a modular use of authentication using Yubikeys. A server verifies tokens submitted by different means. Communications with the server rely on the ZeroMQ library. Clients submits one-time passwords to the server which check their validity.

Theses programs have been written in order to offer a completely independent authentication process without relying on third-party services. This scheme also assumes that the Yubikeys do not present their own serial number when used which mean that the user has to give his login in order to be authenticated.

Programs

yubi_zeromq_server

This is the server. It is written in C and has a small memory footprint. It uses ZeroMQ in a Request/Reply mode and stores credentials in a SQLite database.

pam_yubikey.so

This a module for the linux PAM. Any program using the PAM interface can then use one time password from the Yubikey. The recommended policy is to couple it with a traditional password.

update_yubi_db

This is simple utility written to manage the server database. With this program, users can be created, deleted or updated in the database.

generate_random_token

This utility generates a random identity and AES key, stores them in a Yubikey and save the credentials in a file ready to be used by update_yubi_db in order to import a new user in the database. It uses the Yubikey personalization library. The random generator is the kernel.

Compilation

make should be able to compile all the modules. Nevertheless, the following dependencies are needed (as Debian packages):

  • libsqlite3-dev: SQLite development files (used by the server to store the credentials)
  • libzmq-dev: ZeroMQ development files (used by all modules for communication between the server and the clients)
  • libpam0g-dev: PAM development files (used by the PAM module only)
  • pkg-config
  • libyubikey-dev: Yubikey development files (used by the server to validate tokens)
  • libykpers-1-dev: Yubikey personalization development files (used by generate_random_token)

Installation

For Debian (and Ubuntu) user, a crude script is provided to generate a .deb package. This package contains all the modules and programs. It install also the server database and init script to be run at startup.

ToDo

  • Divide Debian package into sub-packages
  • Write a better documentation
  • Comment the code
  • Write a Nginx module
  • Write a module to interact with a VPN

yubi_zeromq_server

  • Add an option to encrypt the database.

pam_yubikey.so

  • Pass the server location in the PAM arguments instead of being hard-coded.
  • Implement a timeout in case the server does not respond.

update_yubi_db

  • Add an option to test an unknown key against all the key stored in the database.

generate_random_token

  • Isolate the bug that raise an error when writing the configuration in the Yubikey with the testing Debian package.

About

Yubikey authentification server using zeroMQ for message passing. Includes an authentication server, a PAM client, an Apache client and some tools

Resources

Stars

Watchers

Forks

Packages

No packages published