#892 closed enhancement (fixed)
Add support for enforcing YubiKey login depending on client
| Reported by: | Nicklas Nordborg | Owned by: | Nicklas Nordborg |
|---|---|---|---|
| Priority: | major | Milestone: | YubiKey v1.3 |
| Component: | net.sf.basedb.yubikey | Keywords: | |
| Cc: | | | |
Description
#609 added support for not using YubiKey login when certain client applications were used.
In some cases it might be desirable to enforce that YubiKey login is used (see #891). Typically, the normal behavior is to also accept users that have not been assigned a YubiKey (if they provide their regular username and a correct password).
When a client application has been configured for enforcing YubiKey login it will not be possible for users without a YubiKey to log in with that client.
The suggested fix is to specify a list of client application ids in the yubikey.properties file. E.g.:
enforce-yubikey = net.sf.basedb.reggie.delivery
(In [3993]) Fixes #892: Add support for enforcing YubiKey login depending on client
A list with client id values can now be specified in the require-yubikey configuration setting to require that YubiKey login is used.
A related but slightly different change is that if someone is trying to log in with a valid YubiKey that is not connected to a user account the login is blocked. This case used to be ignored and passed back to the BASE core for internal authentication.
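
The two login rules described in this ticket, sketched as an added example (it is not the plugin's own code). The class, enum and method names, the comma-separated format of the require-yubikey value, and every client id other than net.sf.basedb.reggie.delivery are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Arrays;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;

public class RequireYubiKeyPolicy {
    enum Decision { YUBIKEY_LOGIN, PASS_TO_CORE, BLOCKED }

    private final Set<String> requiredClients;

    // Assumption: the setting holds a comma-separated list of client ids.
    RequireYubiKeyPolicy(Properties config) {
        String raw = config.getProperty("require-yubikey", "");
        requiredClients = Arrays.stream(raw.split(","))
            .map(String::trim)
            .filter(s -> !s.isEmpty())
            .collect(Collectors.toSet());
    }

    // validOtp: the submitted credential verified as a YubiKey one-time password.
    // keyOwner: the account the key is connected to, or null if there is none.
    Decision decide(String clientId, boolean validOtp, String keyOwner) {
        if (validOtp) {
            // A valid key that no account owns is blocked, not handed to password auth.
            return keyOwner != null ? Decision.YUBIKEY_LOGIN : Decision.BLOCKED;
        }
        // No YubiKey presented: only clients outside the list may fall back to
        // the core's internal username/password authentication.
        return requiredClients.contains(clientId) ? Decision.BLOCKED : Decision.PASS_TO_CORE;
    }

    public static void main(String[] args) throws IOException {
        Properties config = new Properties();
        // Constructed sample of yubikey.properties; the second id is made up.
        config.load(new StringReader(
            "require-yubikey = net.sf.basedb.reggie.delivery, org.example.other-client\n"));
        RequireYubiKeyPolicy policy = new RequireYubiKeyPolicy(config);
        String delivery = "net.sf.basedb.reggie.delivery";
        System.out.println(policy.decide(delivery, false, null));          // password login, listed client
        System.out.println(policy.decide("org.example.web", false, null)); // password login, unlisted client
        System.out.println(policy.decide(delivery, true, "alice"));        // key connected to an account
        System.out.println(policy.decide("org.example.web", true, null));  // valid key, no account
    }
}
```

An empty or missing require-yubikey value leaves the set empty, so every client keeps the password fallback; the unconnected-key block applies regardless of the list.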