Currently, when following the installation instructions, the scripts
adding clients to the database don’t work as the user `ykval_verifier`
does not have any insert rights for the table `clients`.
```
LOG_DEBUG:ykval-gen-clients:db:DB query is:SELECT id FROM clients ORDER BY id DESC LIMIT 1
LOG_DEBUG:ykval-gen-clients:db:DB query is: INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826','XXXXXXXXXXXXXXXXXXXXXXXX =','','','')
LOG_INFO:ykval-gen-clients:db:Database query error: Array ( [0] => 42000 [1] => 1142 [2] => INSERT command denied to user 'ykval_verifier'@'localhost' for table 'clients' )
LOG_ERR:ykval-gen-clients:Failed to insert new client with query INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826’,’XXXXXXXXXXXXXXXXXXXXXXXX=','','','')
Failed to insert new client with query INSERT INTO clients (id,active,created,secret,email,notes,otp) VALUES ('1', '1', '1404359826','XXXXXXXXXXXXXXXXXXXXXXXX =','','','')`
```
Therefore, update the documentation, to also grant the user
`ykval_verifier` the rights to insert and update records into the table
`clients`. No delete rights are granted, because there is an `active`
column, which should probably used over deletion of clients.
Note, the original idea was probably to use two database users. One for
inserting and updating data, and one for querying/validating it. As,
nothing is written about this though, use the existing/recommended user
for both things.
Fixes: #20 (ykval_verifier SQL user doesn't have permission to INSERT
INTO clients, breaks ykval-gen-clients)
Ubuntu 12.04 LTS will be supported until April 2017, but Ubuntu 14.04
LTS has been around long enough, so it’s well tested and probably more
common to install than 12.04 LTS. It’s supported until April 2019 [1].
[1] https://wiki.ubuntu.com/Releases
- previously the default config only included port 80.
- this was changed in 382cfc2ab506a4c0f6ba0222d473ff3df77dd6f5,
to avoid issues with yhsm-yubikey-ksm, which defaults to port 8002.
- however, this broke configurations running with yubikey-ksm,
which defaults to port 80.
- a better approach is to have both projects using the same defaults,
but for now we'll include both urls instead.
- the ksm decrypt requests happen asynchronously,
so there should not be any performance degradation.
(since either one of the urls will timeout)
- simplify and avoid using different arrays with same values.
- build $otpParams from $otpinfo as soon as we have ksm result,
then unset $otpinfo.
- futher down, only use $otpParams and $localParams.
- avoid doing what is already handled by the Log class.
- the log name is appended automatically,
so don't append it again in the invocation.
i.e. "ykval-verify"
- the log level name is also appended automatically,
so don't append it manually, especially when it doesn't match the log priority!
i.e. LOG_WARNING -> ":notice:"
- fix whitespace in some messages.
