Changes between Initial Version and Version 1 of net.sf.basedb.otp/install


Timestamp:
Jun 18, 2018, 1:24:53 PM (6 years ago)
Author:
Nicklas Nordborg
Comment:

Create installation instructions for the OTP extension

  • net.sf.basedb.otp/install

    v1 v1  
     1= Installing the OTP login extension =
     2
     3== Installation and updating ==
     4
     5 1. Download the latest `base-otp-x.y.tar.gz` file from the [wiki:net.sf.basedb.otp OTP login main page].
     6 2. Unpack the downloaded file to a directory of your choice.
     7 3. If this is a FIRST-TIME INSTALLATION:
     8    A. Create a master password used for encrypting OTP secret keys (see below)
     9    B. Update the BASE database with additional columns in the users table (see below)
     10 4. Make additional configuration settings (see below)
     11 5. Copy the `base-otp.jar` file to your BASE plug-ins directory. Look in your
     12    `base.config` file if you don't know where this is.
     13 6. Log in to BASE as an administrator and go to the '''Administrate->Plug-ins & Extensions->Overview''' page.
     14 7. Run the installation wizard and select to install `base-otp.jar`.
     15 8. Done
     16 
     17
     18----
     19
     20
     21== FIRST-TIME INSTALLATION ==
     22
     23Before installing the OTP login extension for the first time there are a few configuration steps
     24that must be performed. Unless otherwise noted, these steps only need to be done the first time.
     25
     26=== A. Create a master password ===
     27
     28The master password is used as an encryption key for encrypting the OTP
     29secret keys that are individual user accounts. Once the master password has been
     30set it should not be changed¹.
     31   
     32 1. Open the `base-otp.properties` file.
     33 2. Change the `master-password` setting to some other password.
     34    The usual recommendations about password length and complexity apply.
     35 3. Move or copy the `base-otp.properties` file to the `WEB-INF/classes`
     36    directory of your BASE installation. If you have a copy in some other place, make sure
     37    that no other users can read it.
     38   
     39''¹) If, for some reason, the master password has be changed then the `Users.otp_secretkey` column
     40in the database need to be nullified for all user accounts. All users must then re-configure their OTP
     41setup before they can login again.''
     42
     43=== B. Update the BASE database with additional columns in the users table ===
     44
     45 1. Move or copy the `otp-extended-properties.xml` file to the `WEB-INF/classes/extended-properties` directory.
     46 2. Shut down the BASE server including any job agents.
     47 3. Run the `updatedb.sh` script shipped with the BASE installation. This should create additional column in the `Users` table that are used to store OTP-related information.
     48 4. Restart the BASE server and job agents.
     49
     50----
     51
     52== Additional configuration settings ==
     53
     54There are some additional configuration settings that can be made in the `yubikey.properties` file. This step is optional.
     55
     56|| '''Setting''' || '''Description''' || '''Since''' ||
     57|| login-method || Currently not supported || ||
     58|| no-otp || Comma- or whitespace- separated list of application ids for which OTP login should be disabled.[[BR]] For example, if you have installed the [wiki:net.sf.basedb.ftp FTP server] but do not want to use OTP for that: [[BR]] `no-otp=net.sf.basedb.clients.ftp` || OTP login 1.0 ||
     59|| require-otp || Comma- or whitespace- separated list of application ids for which OTP login is required.[[BR]] Users that has not configured OTP login will not be able to use those clients. || OTP login 1.0 ||
     60
     61