yubikey-val/ykval-config.php

<?php                                                             # -*- php -*-

//ykval will use the configuration stored in /etc/yubico/val/config-db.php, if that file exists. If it does not exist, the below values will be used.

if(!include '/etc/yubico/val/config-db.php') {
	$dbuser='ykval_verifier';
	$dbpass='yourpassword';
	$basepath='';
	$dbname='ykval';
	$dbserver='';
	$dbport='';
	$dbtype='mysql';
}


# For the validation interface.
$baseParams = array ();
$baseParams['__YKVAL_DB_DSN__'] = "$dbtype:dbname=$dbname;host=127.0.0.1"; # "oci:oracledb" for Oracle DB (with OCI library)
$baseParams['__YKVAL_DB_USER__'] = $dbuser;
$baseParams['__YKVAL_DB_PW__'] = $dbpass;
$baseParams['__YKVAL_DB_OPTIONS__'] = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);

# For the validation server sync
$baseParams['__YKVAL_SYNC_POOL__'] = array(/*"http://api2.example.com/wsapi/2.0/sync",*/
					   /*"http://api3.example.com/wsapi/2.0/sync",*/
					  /* "http://api4.example.com/wsapi/2.0/sync"*/);
# An array of IP addresses allowed to issue sync requests
# NOTE: You must use IP addresses here.
$baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] = array(/*"1.2.3.4",*/
						   /*"2.3.4.5",*/
						   /*"3.4.5.6"*/);

# An array of IP addresses allowed to issue YubiKey activation/deactivation
# requests through ykval-revoke.php. NOTE: You must use IP addresses here.
$baseParams['__YKREV_IPS__'] = array(/*"127.0.0.1"*/);
# An array of IP addresses allowed to issue database resync requests through
# ykval-resync.php. NOTE: You must use IP addresses here.
$baseParams['__YKRESYNC_IPS__'] = array(/*"127.0.0.1"*/);

# Specify how often the sync daemon awakens
$baseParams['__YKVAL_SYNC_INTERVAL__'] = 10;
# Specify how long the sync daemon will wait for response
$baseParams['__YKVAL_SYNC_RESYNC_TIMEOUT__'] = 30;
# Specify how old entries in the database should be considered aborted attempts
$baseParams['__YKVAL_SYNC_OLD_LIMIT__'] = 10;

# These are settings for the validation server.
$baseParams['__YKVAL_SYNC_FAST_LEVEL__'] = 1;
$baseParams['__YKVAL_SYNC_SECURE_LEVEL__'] = 40;
$baseParams['__YKVAL_SYNC_DEFAULT_LEVEL__'] = 60;
$baseParams['__YKVAL_SYNC_DEFAULT_TIMEOUT__'] = 1;

// otp2ksmurls: Return array of YK-KSM URLs for decrypting OTP for
// CLIENT.  The URLs must be fully qualified, i.e., contain the OTP
// itself.
function otp2ksmurls ($otp, $client) {
  //if ($client == 42) {
  //  return array("http://another-ykkms.example.com/wsapi/decrypt?otp=$otp");
  //}

  //if (preg_match ("/^dteffujehknh/", $otp)) {
  //  return array("http://different-ykkms.example.com/wsapi/decrypt?otp=$otp");
  //}

  return array(
	       //"http://ykkms1.example.com/wsapi/decrypt?otp=$otp",
	       //"http://ykkms2.example.com/wsapi/decrypt?otp=$otp",
		"http://127.0.0.1/wsapi/decrypt?otp=$otp"
	       );
}

?>
Support parallel queries to multiple KSMs. 2009-04-27 19:57:24 +02:00			`<?php # -- php --`
Make standalone. 2009-03-10 23:50:35 +01:00
Made ykval-config.php work out of the box. 2013-01-28 15:09:53 +01:00			`//ykval will use the configuration stored in /etc/yubico/val/config-db.php, if that file exists. If it does not exist, the below values will be used.`

			`if(!include '/etc/yubico/val/config-db.php') {`
			`$dbuser='ykval_verifier';`
			`$dbpass='yourpassword';`
			`$basepath='';`
			`$dbname='ykval';`
			`$dbserver='';`
			`$dbport='';`
			`$dbtype='mysql';`
			`}`


Lay foundation for get-api-key service. 2009-08-28 12:55:56 +02:00			`# For the validation interface.`
Make standalone. 2009-03-10 23:50:35 +01:00			`$baseParams = array ();`
Made ykval-config.php work out of the box. 2013-01-28 15:09:53 +01:00			`$baseParams['__YKVAL_DB_DSN__'] = "$dbtype:dbname=$dbname;host=127.0.0.1"; # "oci:oracledb" for Oracle DB (with OCI library)`
			`$baseParams['__YKVAL_DB_USER__'] = $dbuser;`
			`$baseParams['__YKVAL_DB_PW__'] = $dbpass;`
Add code to let the db reconnect after errors. Set PDO error mode to throw exceptions so we can catch them and do things. 2012-05-22 13:15:25 +02:00			`$baseParams['__YKVAL_DB_OPTIONS__'] = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);`
Add comments. 2009-12-15 15:56:01 +01:00
Committed first trial version for replication protocol. 2009-12-02 18:32:20 +01:00			`# For the validation server sync`
Made ykval-config.php work out of the box. 2013-01-28 15:09:53 +01:00			`$baseParams['__YKVAL_SYNC_POOL__'] = array(/"http://api2.example.com/wsapi/2.0/sync",/`
			`/"http://api3.example.com/wsapi/2.0/sync",/`
			`/* "http://api4.example.com/wsapi/2.0/sync"*/);`
Only allowed sync requests from specified IP addresses 2010-01-11 11:25:25 +01:00			`# An array of IP addresses allowed to issue sync requests`
Use names again. 2010-01-13 15:17:52 +01:00			`# NOTE: You must use IP addresses here.`
Made ykval-config.php work out of the box. 2013-01-28 15:09:53 +01:00			`$baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] = array(/"1.2.3.4",/`
			`/"2.3.4.5",/`
			`/"3.4.5.6"/);`
Add comments. 2009-12-15 15:56:01 +01:00
Add __YKREV_IPS__ to template. 2012-06-14 13:00:39 +02:00			`# An array of IP addresses allowed to issue YubiKey activation/deactivation`
			`# requests through ykval-revoke.php. NOTE: You must use IP addresses here.`
Made ykval-config.php work out of the box. 2013-01-28 15:09:53 +01:00			`$baseParams['__YKREV_IPS__'] = array(/"127.0.0.1"/);`
Add __YKRESYNC_IPS__ to template. 2012-06-18 15:05:23 +02:00			`# An array of IP addresses allowed to issue database resync requests through`
			`# ykval-resync.php. NOTE: You must use IP addresses here.`
Made ykval-config.php work out of the box. 2013-01-28 15:09:53 +01:00			`$baseParams['__YKRESYNC_IPS__'] = array(/"127.0.0.1"/);`
Add __YKREV_IPS__ to template. 2012-06-14 13:00:39 +02:00
Add comments. 2009-12-15 15:56:01 +01:00			`# Specify how often the sync daemon awakens`
Rewritten sync daemon to work in a sequential way. Now called ykval-queue.php 2010-01-10 17:46:11 +01:00			`$baseParams['__YKVAL_SYNC_INTERVAL__'] = 10;`
Add comments. 2009-12-15 15:56:01 +01:00			`# Specify how long the sync daemon will wait for response`
Taking care of sl and timeout parameters in new protocol 2009-12-07 20:13:20 +01:00			`$baseParams['__YKVAL_SYNC_RESYNC_TIMEOUT__'] = 30;`
Add comments. 2009-12-15 15:56:01 +01:00			`# Specify how old entries in the database should be considered aborted attempts`
Rewritten sync daemon to work in a sequential way. Now called ykval-queue.php 2010-01-10 17:46:11 +01:00			`$baseParams['__YKVAL_SYNC_OLD_LIMIT__'] = 10;`
Add comments. 2009-12-15 15:56:01 +01:00
			`# These are settings for the validation server.`
Taking care of sl and timeout parameters in new protocol 2009-12-07 20:13:20 +01:00			`$baseParams['__YKVAL_SYNC_FAST_LEVEL__'] = 1;`
Fix. 2010-01-11 16:41:27 +01:00			`$baseParams['__YKVAL_SYNC_SECURE_LEVEL__'] = 40;`
			`$baseParams['__YKVAL_SYNC_DEFAULT_LEVEL__'] = 60;`
Taking care of sl and timeout parameters in new protocol 2009-12-07 20:13:20 +01:00			`$baseParams['__YKVAL_SYNC_DEFAULT_TIMEOUT__'] = 1;`
Lay foundation for get-api-key service. 2009-08-28 12:55:56 +02:00
Support parallel queries to multiple KSMs. 2009-04-27 19:57:24 +02:00			`// otp2ksmurls: Return array of YK-KSM URLs for decrypting OTP for`
			`// CLIENT. The URLs must be fully qualified, i.e., contain the OTP`
Use names again. 2010-01-13 15:17:52 +01:00			`// itself.`
Support parallel queries to multiple KSMs. 2009-04-27 19:57:24 +02:00			`function otp2ksmurls ($otp, $client) {`
Made ykval-config.php work out of the box. 2013-01-28 15:09:53 +01:00			`//if ($client == 42) {`
			`// return array("http://another-ykkms.example.com/wsapi/decrypt?otp=$otp");`
			`//}`
Support parallel queries to multiple KSMs. 2009-04-27 19:57:24 +02:00
Made ykval-config.php work out of the box. 2013-01-28 15:09:53 +01:00			`//if (preg_match ("/^dteffujehknh/", $otp)) {`
			`// return array("http://different-ykkms.example.com/wsapi/decrypt?otp=$otp");`
			`//}`
Support parallel queries to multiple KSMs. 2009-04-27 19:57:24 +02:00
			`return array(`
Made ykval-config.php work out of the box. 2013-01-28 15:09:53 +01:00			`//"http://ykkms1.example.com/wsapi/decrypt?otp=$otp",`
			`//"http://ykkms2.example.com/wsapi/decrypt?otp=$otp",`
			`"http://127.0.0.1/wsapi/decrypt?otp=$otp"`
Support parallel queries to multiple KSMs. 2009-04-27 19:57:24 +02:00			`);`
			`}`
Make standalone. 2009-03-10 23:50:35 +01:00
			`?>`