Difference between revisions of "Yubikey Authorization Server"

From CDOT Wiki
Jump to: navigation, search
(Current fixes)
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
Current fixes
+
==Documentation on Configuration==
  
 +
Documentation on how to set up the Yubikey validation server and key storage modules can be found, respectively, here:
 +
 +
*https://github.com/Yubico/yubikey-val-server-php/wiki/Installation
 +
*http://code.google.com/p/yubikey-ksm/wiki/Installation
 +
 +
These instructions have been confirmed to work under Fedora/RHEL with a few modifications:
 +
 +
#To install the KSM and VAL server, simply run "yum -y install yubikey-ksm yubikey-val" instead of using the source based method (although if you wish to have a more up to date version, the source based method does work)
 +
#Because of the packaging methods used, some files will be relocated under /usr/share/doc.  Fret not, as all of the new folders begin with yubikey-${SOMETHING}, so the instructions must be modified accordingly.
 +
#The Location of the virtual hosts has  been changed for security reasons to a folder under /var/www/ instead of being /var/www/html
 +
#<INSERT RSYSLOG FIXES>
 +
 +
==Current fixes==
 +
 +
There are a few issues either with the instructions in the documentation being aimed at debian based systems or the fedora packages themselves.
  
 
*For Ykval
 
*For Ykval
 +
**yum -y install php-process
 +
**setsebool -P httpd_can_network_connect 1
 +
**setsebool -P httpd_can_network_connect_db 1
 +
**append "/usr/share/pear/:/etc/ykval/:/usr/share/ykval/" to the ${BIN_FILE} line in the start function of /etc/init.d/ykval_queue
 +
**Rename files under /var/www/wsapi/2.0/ from yubikey_${name}.php to just ${name}.php
 +
  
**yum -y install php-process
+
*For Ykksm
** setsebool -P httpd_can_network_connect 1
+
**comment out hex2bin function in /usr/share/ykksm/ykksm-utils.php
** setsebool -P httpd_can_network_connect_db 1
 
** append "/usr/share/pear/:/etc/ykval/:/usr/share/ykval/" to the ${BIN_FILE} line in the start function of /etc/init.d/ykval_queue
 

Latest revision as of 16:43, 22 November 2012

Documentation on Configuration

Documentation on how to set up the Yubikey validation server and key storage modules can be found, respectively, here:

These instructions have been confirmed to work under Fedora/RHEL with a few modifications:

  1. To install the KSM and VAL server, simply run "yum -y install yubikey-ksm yubikey-val" instead of using the source based method (although if you wish to have a more up to date version, the source based method does work)
  2. Because of the packaging methods used, some files will be relocated under /usr/share/doc. Fret not, as all of the new folders begin with yubikey-${SOMETHING}, so the instructions must be modified accordingly.
  3. The Location of the virtual hosts has been changed for security reasons to a folder under /var/www/ instead of being /var/www/html
  4. <INSERT RSYSLOG FIXES>

Current fixes

There are a few issues either with the instructions in the documentation being aimed at debian based systems or the fedora packages themselves.

  • For Ykval
    • yum -y install php-process
    • setsebool -P httpd_can_network_connect 1
    • setsebool -P httpd_can_network_connect_db 1
    • append "/usr/share/pear/:/etc/ykval/:/usr/share/ykval/" to the ${BIN_FILE} line in the start function of /etc/init.d/ykval_queue
    • Rename files under /var/www/wsapi/2.0/ from yubikey_${name}.php to just ${name}.php


  • For Ykksm
    • comment out hex2bin function in /usr/share/ykksm/ykksm-utils.php