Installing the YubiKey authentication extension
Installation and updating
- Download the latest yubikey-x.y.tar.gz file from the YubiKey main page.
- Unpack the downloaded file to a directory of your choice.
- If this is a FIRST-TIME INSTALLATION:
  - Generate a key for use with the Yubico Web Services (see below)
  - Update the BASE database with additional columns in the users table (see below)
  - Make additional configuration settings (see below)
- Copy the yubikey.jar file to your BASE plug-ins directory. Look in your base.config file if you don't know where this is.
- Log in to BASE as an administrator and go to the Administrate->Plug-ins & Extensions->Overview page.
- Run the installation wizard and select to install yubikey.jar.
- Done
FIRST-TIME INSTALLATION
Before installing the YubiKey extension for the first time there are a few configuration steps that must be performed. Unless otherwise noted, these steps only need to be done the first time.
A. Generate a key for use with Yubico Web Services
Without this key the extension is not allowed to validate passwords against the YubiCloud.
- Go to https://upgrade.yubico.com/getapikey/ and follow the instructions.
- Store the generated KEY and CLIENT_ID in the yubikey.properties file that was included with this extension.
- Move or copy the yubikey.properties file to the WEB-INF/classes directory of your BASE installation.
B. Update the BASE database with additional columns in the users table
- Move or copy the yubikey-extended-properties.xml file to the WEB-INF/classes/extended-properties directory.
- Shut down the BASE server including any job agents.
- Run the updatedb.sh script shipped with the BASE installation. This should create additional columns in the Users table that are used to store YubiKey-related information.
- Restart the BASE server and job agents.
Additional configuration settings
There are some additional configuration settings that can be made in the yubikey.properties file. This step is optional.
no-yubikey (since 1.1)
Comma- or whitespace-separated list of application ids for which YubiKey login should be disabled. For example, if you have installed the FTP server but do not want to use YubiKey for that:
no-yubikey = net.sf.basedb.clients.ftp
require-yubikey (since 1.3)
Comma- or whitespace-separated list of application ids for which YubiKey login is required. Users without a YubiKey will not be able to use those clients. For example, to force all users of the web client to use YubiKey:
require-yubikey = net.sf.basedb.clients.web
allow-other-authentication (since 1.5)
Comma- or whitespace-separated list of other authentication methods that are allowed even if a user has configured a YubiKey. Use * as a wildcard for all other authentication methods (including password authentication). Examples:
# Also allow password authentication even if a user has a YubiKey
allow-other-authentication = password

# Allow all other authentication methods
allow-other-authentication = *

# If the OTP login extension is also installed we can
# allow users to use either YubiKey or OTP (with or without password)
allow-other-authentication = otp-only otp+password
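The three optional settings above interact, so it is worth reviewing a finished yubikey.properties before deploying it. The following check is an added example, not part of the extension or of BASE; the function names and the sample file are constructed, and it assumes a repeated key keeps its last value, as java.util.Properties does.

```python
import re

def parse_properties(text):
    """Minimal 'key = value' parser; returns (settings, duplicated keys).
    Assumption: a repeated key keeps its last value (java.util.Properties)."""
    settings, duplicates = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key in settings:
            duplicates.append(key)
        # Lists are comma- or whitespace-separated, as described above
        settings[key] = [v for v in re.split(r"[,\s]+", value.strip()) if v]
    return settings, duplicates

def audit(text):
    """Return review findings for the optional yubikey.properties settings."""
    settings, duplicates = parse_properties(text)
    findings = []
    for key in duplicates:
        findings.append(f"{key}: set more than once, last value assumed to win")
    disabled = set(settings.get("no-yubikey", []))
    required = set(settings.get("require-yubikey", []))
    for app in sorted(disabled & required):
        findings.append(f"{app}: listed in both no-yubikey and require-yubikey")
    for app in sorted(disabled):
        findings.append(f"{app}: YubiKey login disabled for this application")
    other = settings.get("allow-other-authentication", [])
    if "*" in other or "password" in other:
        findings.append("allow-other-authentication: password login stays "
                        "available to users who have a YubiKey")
    return findings

# Constructed sample file contents (not taken from a real deployment)
SAMPLE = """\
no-yubikey = net.sf.basedb.clients.ftp
require-yubikey = net.sf.basedb.clients.web, net.sf.basedb.clients.ftp
allow-other-authentication = otp-only otp+password
allow-other-authentication = *
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A file that copies all three allow-other-authentication example lines verbatim would, under the last-value assumption, end up with only the final one in effect, which is why duplicates are reported.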