mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-19 07:52:23 +01:00
yubico-pam/README

#summary Installation and configuration of the Yubico PAM module
= Yubico PAM module =
The Yubico PAM module provides an easy way to integrate the Yubikey
into your existing user authentication infrastructure. PAM is used by
GNU/Linux, Solaris and Mac OS X for user authentication, and by other
specialized applications such as NCSA !MyProxy.

== Status and Roadmap ==
The module is working for single-user systems.
Several items have been identified that need to be implemented before
it can reach production quality:

* Verification of server signature
* Generating signature on request
* HTTPS support
* Multi-user mappings from Yubikey to username.

The development community is co-ordinated via Google Code:

http://code.google.com/p/yubico-pam/

The license for pam_yubico is the same as for Linux-PAM, namely a
dual-license between 3-clause BSD and the GPL. See the file COPYING
for more information.

== Building from SVN ==
Skip to the next section if you are using an official packaged
version.

You may check out the sources using SVN with the following command:

{{{
svn checkout http://yubico-pam.googlecode.com/svn/trunk/ yubico-pam
}}}

This will create a directory 'yubico-pam'. Enter the directory:

{{{
cd yubico-pam
}}}

Autoconf, automake and libtool must be installed. For the
documentation, asciidoc and docbook are also required.

Generate the build system using:

{{{
autoreconf --install
}}}

== Building ==
You will need to have libcurl (curl.h, libcurl.so) and libpam-dev
(security/pam_appl.h, libpam.so) installed.

The build system uses Autoconf. To set up the build system, run:

{{{
./configure
}}}

Then build the code, run the self-test and install the binaries:

{{{
make check install
}}}

== Configuration ==
Install it in your PAM setup by adding a line to an appropriate file
in /etc/pam.d/:

{{{
auth sufficient pam_yubico.so id=16 debug
}}}

and move pam_yubico.so into /lib/security/:

{{{
mv /usr/local/lib/security/pam_yubico.so /lib/security/
}}}

Supported PAM module parameters are:

{{{
"id": to indicate your client identity,
"debug": to enable debug output to stdout,
"alwaysok": to enable that all authentication attempts should succeed
            (aka presentation mode).
"url": specify URL to use for verification, by default it is
       "http://api.yubico.com/wsapi/verify?id=%d&otp=%s"
       Be sure to have only two printf tokens in the string
       and that %d comes before %s. The %d will be replaced
       with the "id" value and %s with the user's OTP.
}}}

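The rule for the "url" parameter can be checked mechanically before the string is used as a printf format. The following is an added example, not code from pam_yubico: the function names url_template_ok and build_verify_url are hypothetical, the OTP is a constructed sample, and accepting "%%" as a literal percent sign is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if tmpl holds exactly one %d followed by exactly one %s and no
 * other conversion ("%%" is accepted as a literal percent), otherwise 0. */
int url_template_ok(const char *tmpl)
{
    int seen_d = 0, seen_s = 0;

    for (const char *p = tmpl; *p; p++) {
        if (*p != '%')
            continue;
        p++;                        /* character after the '%' */
        if (*p == '%')
            continue;               /* literal percent, consumes no argument */
        if (*p == 'd' && !seen_d && !seen_s)
            seen_d = 1;
        else if (*p == 's' && seen_d && !seen_s)
            seen_s = 1;
        else
            return 0;               /* %n, %x, widths, wrong order, trailing '%' */
    }
    return seen_d && seen_s;
}

/* Expand a checked template with the client id and the OTP. Returns 0 on
 * success, -1 if the template is rejected or the result does not fit. */
int build_verify_url(char *out, size_t outlen, const char *tmpl,
                     int id, const char *otp)
{
    if (!url_template_ok(tmpl))
        return -1;
    int n = snprintf(out, outlen, tmpl, id, otp);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char url[256];
    const char *def = "http://api.yubico.com/wsapi/verify?id=%d&otp=%s";

    /* "vvexampleotp" is a constructed sample value, not a real OTP. */
    if (build_verify_url(url, sizeof url, def, 16, "vvexampleotp") == 0)
        puts(url);
    /* Constructed bad template: %s before %d would mismatch the arguments. */
    if (build_verify_url(url, sizeof url,
                         "http://example.invalid/?otp=%s&id=%d", 16, "x") != 0)
        puts("rejected: tokens out of order");
    return 0;
}
```
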
If you are using "debug" you may find it useful to create a
world-writable log file:

{{{
touch /var/run/pam-debug.log
chmod go+w /var/run/pam-debug.log
}}}

== Feedback ==
If you want to discuss anything related to the Yubico PAM module,
please contact <simon@yubico.com>.