= Installing the OTP login extension =

== Installation and updating ==

1. Download the latest `base-otp-x.y.tar.gz` file from the [wiki:net.sf.basedb.otp OTP login main page].
2. Unpack the downloaded file to a directory of your choice.
3. If this is a FIRST-TIME INSTALLATION:
   A. Create a master password used for encrypting OTP secret keys (see below)
   B. Update the BASE database with additional columns in the users table (see below)
4. Make additional configuration settings (see below)
5. Copy the `base-otp.jar` file to your BASE plug-ins directory. Look in your
   `base.config` file if you don't know where this is.
6. Log in to BASE as an administrator and go to the '''Administrate->Plug-ins & Extensions->Overview''' page.
7. Run the installation wizard and select to install `base-otp.jar`.
8. Done


----

== FIRST-TIME INSTALLATION ==

Before installing the OTP login extension for the first time, a few configuration steps
must be performed. Unless otherwise noted, these steps only need to be done the first time.

=== A. Create a master password ===

The master password is used as the encryption key for encrypting the OTP
secret keys that belong to individual user accounts. Once the master password has been
set it should not be changed¹.

1. Open the `base-otp.properties` file.
2. Change the `master-password` setting to some other password.
   The usual recommendations about password length and complexity apply.
3. Move or copy the `base-otp.properties` file to the `WEB-INF/classes`
   directory of your BASE installation. If you keep a copy in some other place, make sure
   that no other users can read it.

''¹) If, for some reason, the master password has to be changed, then the `Users.otp_secretkey` column
in the database needs to be nullified for all user accounts. All users must then re-configure their OTP
setup before they can log in again.''
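As an added example (not part of the OTP extension's own distribution), the following POSIX shell script carries out step A from the command line: it generates a random master password, writes it into `base-otp.properties` with owner-only permissions so that no other local user can read it, and checks the result. It assumes the file is a plain Java `key=value` properties file (as the `no-otp=...` example further down this page suggests) and that `master-password` is the only key it must contain; the installation paths are placeholders.

```shell
#!/bin/sh
# Added example, not part of the OTP login extension. Assumptions: the
# properties file is a plain key=value file and `master-password` is the
# only required key. Install paths are placeholders.

# Generate a 48-character hex master password from the OS random source.
# od is POSIX, so this does not depend on base64 or openssl being present.
gen_master_password() {
    od -An -tx1 -N 24 /dev/urandom | tr -d ' \n'
}

# Write $1/base-otp.properties with master password $2 and, optionally,
# a no-otp value in $3 (for example net.sf.basedb.clients.ftp).
# The file is created under umask 077 so it is never world-readable,
# not even for a moment; prints the path of the written file.
write_otp_properties() {
    dir=$1
    password=$2
    no_otp=${3:-}
    file="$dir/base-otp.properties"
    mkdir -p "$dir"
    (
        umask 077
        {
            printf '# Keep this file private. Do not change master-password\n'
            printf '# once users have enrolled their OTP secret keys.\n'
            printf 'master-password=%s\n' "$password"
            if [ -n "$no_otp" ]; then
                printf 'no-otp=%s\n' "$no_otp"
            fi
        } > "$file"
    )
    # Truncating an existing file keeps its old mode, so enforce 0600 explicitly.
    chmod 600 "$file"
    printf '%s\n' "$file"
}

# Verify that a properties file is owner-readable only and carries a
# master password of at least 24 characters. Returns 0 when OK, 1 otherwise.
check_otp_properties() {
    file=$1
    [ -f "$file" ] || return 1
    perms=$(ls -l "$file" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || return 1
    pw=$(sed -n 's/^master-password=//p' "$file")
    [ ${#pw} -ge 24 ] || return 1
    return 0
}

# Usage (paths are placeholders for a real BASE installation):
#   pw=$(gen_master_password)
#   write_otp_properties /path/to/base/WEB-INF/classes "$pw" net.sf.basedb.clients.ftp
#   check_otp_properties /path/to/base/WEB-INF/classes/base-otp.properties && echo OK
```

The check function is worth keeping around after installation: running it from a cron job or a configuration audit catches the common mistake of a backup copy of `base-otp.properties` being left readable by other users, which step 3 above warns against.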

=== B. Update the BASE database with additional columns in the users table ===

1. Move or copy the `otp-extended-properties.xml` file to the `WEB-INF/classes/extended-properties` directory.
2. Shut down the BASE server, including any job agents.
3. Run the `updatedb.sh` script shipped with the BASE installation. This should create the additional columns in the `Users` table that are used to store OTP-related information.
4. Restart the BASE server and job agents.

----

== Additional configuration settings ==

There are some additional configuration settings that can be made in the `yubikey.properties` file. This step is optional.

|| '''Setting''' || '''Description''' || '''Since''' ||
|| login-method || Currently not supported || ||
|| no-otp || Comma- or whitespace-separated list of application ids for which OTP login should be disabled.[[BR]] For example, if you have installed the [wiki:net.sf.basedb.ftp FTP server] but do not want to use OTP for that: [[BR]] `no-otp=net.sf.basedb.clients.ftp` || OTP login 1.0 ||
|| require-otp || Comma- or whitespace-separated list of application ids for which OTP login is required.[[BR]] Users who have not configured OTP login will not be able to use those clients. || OTP login 1.0 ||