Mercurial > prosody-wiki
comparison mod_auth_internal_yubikey.wiki @ 168:5523eda6e4e9
Documented dependencies.
| author | MWild1 |
|---|---|
| date | Thu, 17 Feb 2011 16:39:27 +0000 |
| parents | caa297adfe14 |
| children | 80f117f99f23 |
comparison
equal
deleted
inserted
replaced
| 167:caa297adfe14 | 168:5523eda6e4e9 |
|---|---|
| 15 | 15 |
| 16 Even if the password is intercepted it is of little use to the attacker as it expires as soon as it is used. Additionally the data stored in Prosody's DB is not enough to authenticate as the user if stolen by the attacker. | 16 Even if the password is intercepted it is of little use to the attacker as it expires as soon as it is used. Additionally the data stored in Prosody's DB is not enough to authenticate as the user if stolen by the attacker. |
| 17 | 17 |
| 18 When this module is in use each user can either use normal password authentication, or instead have their account associated with a Yubikey - at which point only the key will work. | 18 When this module is in use each user can either use normal password authentication, or instead have their account associated with a Yubikey - at which point only the key will work. |
| 19 | 19 |
| 20 = Installation = | |
| 21 | |
| 22 Requires bitlib for Lua, and yubikey-lua from http://code.matthewwild.co.uk/yubikey-lua . When properly installed, the command `lua -lbit -lyubikey` should give you a Lua prompt with no errors. | |
| 23 | |
| 20 = Configuration = | 24 = Configuration = |
| 21 | 25 |
| 22 == Associating keys == | 26 == Associating keys == |
| 23 Each Yubikey is configured with several pieces of information that Prosody needs to know. This information is shown in the Yubikey personalization tool (the _yubikey-personalization_ package in Debian/Ubuntu). | 27 Each Yubikey is configured with several pieces of information that Prosody needs to know. This information is shown in the Yubikey personalization tool (the _yubikey-personalization_ package in Debian/Ubuntu). |
| 24 | 28 |
| 29 | 33 |
| 30 This will run you through a series of questions about the information Prosody requires about the key configuration. | 34 This will run you through a series of questions about the information Prosody requires about the key configuration. |
| 31 | 35 |
| 32 *NOTE:* All keys used with the server (rather, with a given host) must all have a "public ID" (uid) of the same length. This length must be set in the Prosody config with the 'yubikey_prefix_length' option. | 36 *NOTE:* All keys used with the server (rather, with a given host) must all have a "public ID" (uid) of the same length. This length must be set in the Prosody config with the 'yubikey_prefix_length' option. |
| 33 | 37 |
| 34 Instead of entering the information interactively it is also possible to specify each option on the command-line (useful for automation) via `--option="value"`. The options are: | 38 Instead of entering the information interactively it is also possible to specify each option on the command-line (useful for automation) via --option="value". The valid options are: |
| 35 | 39 |
| 36 || password || The user's password (may be blank) || | 40 || password || The user's password (may be blank) || |
| 37 || fixed || The public ID that the Yubikey prefixes to the OTP || | 41 || fixed || The public ID that the Yubikey prefixes to the OTP || |
| 38 || uid || The private ID that the Yubikey encrypts in the OTP || | 42 || uid || The private ID that the Yubikey encrypts in the OTP || |
| 39 || key || The AES key that the Yubikey uses (may be blank if a global shared key is used, see below) || | 43 || key || The AES key that the Yubikey uses (may be blank if a global shared key is used, see below) || |