libapache2-mod-authn-yubikey for Debian
---------------------------------------

################################
# Typical apache configuration #
################################

AuthType Basic
AuthBasicProvider yubikey
AuthName "Please Log In using your YubiKey"
AuthYubiKeyTimeout 30
AuthYubiKeyTmpFile /etc/apache2/yubiDbTmp
AuthYubiKeyUserFile /etc/apache2/yubiDb
AuthYubiKeyExternalErrorPage Off
Require valid-user

##############################
# Add a user to the database #
##############################

$ htpasswd -csb /etc/apache2/yubiDb token_id user:passwd

Note that -c creates the file and overwrites an existing one, so omit it
when adding further users.

#####################################################################
# mod_authn_yubikey provides the following configuration directives #
#####################################################################

AuthYubiKeyTimeout            (Default 43200 seconds [12h])
AuthYubiKeyTmpFile            (Default conf/ykTmpDb)
AuthYubiKeyUserFile           (Default conf/ykUserDb)
AuthYubiKeyRequireSecure      (Default On)
AuthYubiKeyExternalErrorPage  (Default Off)

* AuthYubiKeyTimeout

  The AuthYubiKeyTimeout directive specifies an absolute timeout, counted
  from the user's last login. If the timeout is set to 120 seconds, the
  user has to log in again after 120 seconds of using the page. This is a
  hard timeout: it is not renewed while the user is working with the page.
  The default value is 43200 seconds (12h).

* AuthYubiKeyTmpFile

  The AuthYubiKeyTmpFile directive specifies the temporary file used to
  store authenticated users. When a user authenticates successfully, the
  authentication time is stored in this file. It is used to determine when
  the user last logged in.
  The default value is $SERVER_ROOT/conf/ykTmpDb.
  If you specify the location of this file yourself, keep in mind that
  placing it under /tmp on UNIX systems possibly lets everyone view it.

* AuthYubiKeyUserFile

  The AuthYubiKeyUserFile directive names the file that holds the
  tokenid/username mapping. In addition, users must be listed in this file
  with their YubiKey id to access a site protected by mod_authn_yubikey.
  The default value is $SERVER_ROOT/conf/ykUserDb.

* AuthYubiKeyRequireSecure

  The AuthYubiKeyRequireSecure directive ensures that users reach your
  selected target over https. This is especially useful if you are
  authenticating users with two factors (password AND YubiKey), since the
  password and the token itself are only Base64 encoded, not encrypted,
  when they are sent back to the server authenticating the user.
  The default value is On (secure connection required).

* AuthYubiKeyExternalErrorPage

  The AuthYubiKeyExternalErrorPage directive lets you specify an error
  page different from the built-in error page, so that you are able to
  design your own. By using the ErrorDocument directive within your
  configuration you can even redirect the user to a site not residing on
  your machine.
  The default value is Off (built-in error page used).

 -- Alexandre De Dommelin  Thu, 10 Feb 2011 20:10:21 +0000
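
The two warnings above (a world-viewable AuthYubiKeyTmpFile and credentials sent merely Base64 encoded when AuthYubiKeyRequireSecure is Off) can be checked mechanically. The following audit script is an added example, not part of mod_authn_yubikey or this package; the function names, the SHARED_DIRS list and the choice to apply the same permission check to the user file are assumptions.

```python
import os
import re
import stat

# Defaults as listed in this README.
DEFAULTS = {
    "AuthYubiKeyTimeout": "43200",
    "AuthYubiKeyTmpFile": "conf/ykTmpDb",
    "AuthYubiKeyUserFile": "conf/ykUserDb",
    "AuthYubiKeyRequireSecure": "On",
    "AuthYubiKeyExternalErrorPage": "Off",
}
SHARED_DIRS = ("/tmp/", "/var/tmp/")  # assumption: directories every local user can list

def parse_directives(conf_text):
    """Return effective AuthYubiKey* settings; the last occurrence wins."""
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        m = re.match(r"\s*(AuthYubiKey\w+)\s+(\S+)", line)  # commented lines do not match
        if m:
            settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit(conf_text, stat_fn=os.stat):
    """Return findings for one configuration block; stat_fn is injectable for testing."""
    s = parse_directives(conf_text)
    findings = []
    if s["AuthYubiKeyRequireSecure"].lower() != "on":
        findings.append("AuthYubiKeyRequireSecure is not On: credentials cross plain HTTP Base64-encoded")
    for key in ("AuthYubiKeyTmpFile", "AuthYubiKeyUserFile"):
        path = s[key]
        if not os.path.isabs(path):
            continue  # relative to ServerRoot, which this sketch does not resolve
        if path.startswith(SHARED_DIRS):
            findings.append(f"{key} lives in a shared directory: {path}")
        try:
            mode = stat_fn(path).st_mode
        except OSError:
            continue  # file does not exist yet
        if mode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append(f"{key} is readable or writable by other users: {path}")
    return findings

if __name__ == "__main__":
    # Constructed sample: the README's typical block with two weakened settings.
    sample = ("AuthYubiKeyTimeout 30\nAuthYubiKeyRequireSecure Off\n"
              "AuthYubiKeyTmpFile /tmp/yubiDbTmp\nAuthYubiKeyUserFile /etc/apache2/yubiDb\n")
    for finding in audit(sample):
        print(finding)
```

Run it against the text of the protected block; an empty result means neither warning applies to the files it could inspect.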