Changes between Version 1 and Version 2 of net.sf.basedb.otp/install


Ignore:
Timestamp:
Jun 19, 2018, 9:23:29 AM (4 weeks ago)
Author:
nicklas
Comment:

Updated and clarified installation instructions

Legend:

Unmodified
Added
Removed
Modified
  • net.sf.basedb.otp/install

    v1 v2  
    1313 6. Log in to BASE as an administrator and go to the '''Administrate->Plug-ins & Extensions->Overview''' page.
    1414 7. Run the installation wizard and select to install `base-otp.jar`.
    15  8. Done
     15 8. Done.
    1616 
    1717
     
    2626=== A. Create a master password ===
    2727
    28 The master password is used as an encryption key for encrypting the OTP
    29 secret keys that are individual user accounts. Once the master password has been
    30 set it should not be changed¹.
    31    
     28The master password is used as an encryption key for encrypting the OTP secret keys that are are
     29assigned to user accounts. Note that all user accounts have their own secret keys for OTP and that
     30they are randomly generated. Once the master password has been set it must not be changed since
     31that will make all existing OTP keys inaccessible¹.
     32
    3233 1. Open the `base-otp.properties` file.
    3334 2. Change the `master-password` setting to some other password.
     
    3738    that no other users can read it.
    3839   
    39 ''¹) If, for some reason, the master password has be changed then the `Users.otp_secretkey` column
    40 in the database need to be nullified for all user accounts. All users must then re-configure their OTP
    41 setup before they can login again.''
     40''¹) If, for some reason, the master password need to be changed then the `Users.otp_secretkey` column
     41in the database must be nullified for all user accounts. There is no built-in wizard for this, but it can
     42be done by executing the SQL below. After the reset, all users must then re-configure their OTP setup
     43before they can login again.''
     44
     45{{{
     46// For PostgreSQL, MySQL users should modify as needed
     47update "Users" set "otp_secretkey"=NULL
     48}}}
    4249
    4350=== B. Update the BASE database with additional columns in the users table ===
     
    5663|| '''Setting''' || '''Description''' || '''Since''' ||
    5764|| login-method || Currently not supported || ||
    58 || no-otp || Comma- or whitespace- separated list of application ids for which OTP login should be disabled.[[BR]] For example, if you have installed the [wiki:net.sf.basedb.ftp FTP server] but do not want to use OTP for that: [[BR]] `no-otp=net.sf.basedb.clients.ftp` || OTP login 1.0 ||
    59 || require-otp || Comma- or whitespace- separated list of application ids for which OTP login is required.[[BR]] Users that has not configured OTP login will not be able to use those clients. || OTP login 1.0 ||
     65|| no-otp || Comma- or whitespace- separated list of application ids for which OTP login should be disabled.[[BR]] For example, if you have installed the [wiki:net.sf.basedb.ftp FTP server] but do not want to use OTP for that: [[BR]] `no-otp=net.sf.basedb.clients.ftp` || 1.0 ||
     66|| require-otp || Comma- or whitespace- separated list of application ids for which OTP login is required.[[BR]] Users that has not configured OTP login will not be able to use those clients. || 1.0 ||
    6067
    6168