1
0
mirror of https://github.com/Yubico/yubikey-val.git synced 2024-12-11 09:24:11 +01:00
yubikey-val/ykval-config.php

59 lines
2.4 KiB
PHP
Raw Normal View History

<?php # -*- php -*-
2009-03-10 23:50:35 +01:00
# For the validation interface.
2009-03-10 23:50:35 +01:00
$baseParams = array ();
$baseParams['__YKVAL_DB_DSN__'] = "mysql:dbname=ykval;host=127.0.0.1"; # "oci:oracledb" for Oracle DB (with OCI library)
$baseParams['__YKVAL_DB_USER__'] = 'ykval_verifier';
$baseParams['__YKVAL_DB_PW__'] = 'lab';
$baseParams['__YKVAL_DB_OPTIONS__'] = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
2009-12-15 15:56:01 +01:00
# For the validation server sync
2012-05-29 11:07:19 +02:00
$baseParams['__YKVAL_SYNC_POOL__'] = array("http://api2.example.com/wsapi/2.0/sync",
"http://api3.example.com/wsapi/2.0/sync",
2010-01-13 15:17:52 +01:00
"http://api4.example.com/wsapi/2.0/sync");
# An array of IP addresses allowed to issue sync requests
2010-01-13 15:17:52 +01:00
# NOTE: You must use IP addresses here.
2012-05-29 11:07:19 +02:00
$baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] = array("1.2.3.4",
"2.3.4.5",
"3.4.5.6");
2009-12-15 15:56:01 +01:00
2012-06-14 13:00:39 +02:00
# An array of IP addresses allowed to issue YubiKey activation/deactivation
# requests through ykval-revoke.php. NOTE: You must use IP addresses here.
$baseParams['__YKREV_IPS__'] = array("127.0.0.1");
2012-06-18 15:05:23 +02:00
# An array of IP addresses allowed to issue database resync requests through
# ykval-resync.php. NOTE: You must use IP addresses here.
$baseParams['__YKRESYNC_IPS__'] = array("127.0.0.1");
2012-06-14 13:00:39 +02:00
2009-12-15 15:56:01 +01:00
# Specify how often the sync daemon awakens
$baseParams['__YKVAL_SYNC_INTERVAL__'] = 10;
2009-12-15 15:56:01 +01:00
# Specify how long the sync daemon will wait for response
$baseParams['__YKVAL_SYNC_RESYNC_TIMEOUT__'] = 30;
2009-12-15 15:56:01 +01:00
# Specify how old entries in the database should be considered aborted attempts
$baseParams['__YKVAL_SYNC_OLD_LIMIT__'] = 10;
2009-12-15 15:56:01 +01:00
# These are settings for the validation server.
$baseParams['__YKVAL_SYNC_FAST_LEVEL__'] = 1;
2010-01-11 16:41:27 +01:00
$baseParams['__YKVAL_SYNC_SECURE_LEVEL__'] = 40;
$baseParams['__YKVAL_SYNC_DEFAULT_LEVEL__'] = 60;
$baseParams['__YKVAL_SYNC_DEFAULT_TIMEOUT__'] = 1;
// otp2ksmurls: Return array of YK-KSM URLs for decrypting OTP for
// CLIENT. The URLs must be fully qualified, i.e., contain the OTP
2010-01-13 15:17:52 +01:00
// itself.
function otp2ksmurls ($otp, $client) {
if ($client == 42) {
2010-01-13 15:17:52 +01:00
return array("http://another-ykkms.example.com/wsapi/decrypt?otp=$otp");
}
if (preg_match ("/^dteffujehknh/", $otp)) {
2010-01-13 15:17:52 +01:00
return array("http://different-ykkms.example.com/wsapi/decrypt?otp=$otp");
}
return array(
2010-01-13 15:17:52 +01:00
"http://ykkms1.example.com/wsapi/decrypt?otp=$otp",
"http://ykkms2.example.com/wsapi/decrypt?otp=$otp",
);
}
2009-03-10 23:50:35 +01:00
?>