PDO::ERRMODE_EXCEPTION); // for the validation server sync $baseParams['__YKVAL_SYNC_POOL__'] = array( // "https://api2.example.com/wsapi/2.0/sync", // "https://api3.example.com/wsapi/2.0/sync", // "https://api4.example.com/wsapi/2.0/sync", ); /** * An array of IP addresses which are allowed to issue sync requests to us. * * NOTE: You must use IP addreseses here. Hostnames will be ignored! * Both IPv4 and IPv6 are supported. */ $baseParams['__YKVAL_ALLOWED_SYNC_POOL__'] = array( // "1.2.3.4", // "2.3.4.5", // "3.4.5.6", // "fc00:aaaa::", // "fc00:bbbb::", // "fc00:cccc::", ); // An array of IP addresses allowed to issue YubiKey activation/deactivation // requests through ykval-revoke.php. NOTE: You must use IP addresses here. $baseParams['__YKREV_IPS__'] = array(/*"127.0.0.1"*/); // An array of IP addresses allowed to issue database resync requests through // ykval-resync.php. NOTE: You must use IP addresses here. // $baseParams['__YKRESYNC_IPS__'] = array("127.0.0.1"); // Use the same as for issuing sync requests: $baseParams['__YKRESYNC_IPS__'] = $baseParams['__YKVAL_ALLOWED_SYNC_POOL__']; // Specify how often the sync daemon awakens $baseParams['__YKVAL_SYNC_INTERVAL__'] = 10; // Specify how long the sync daemon will wait for response $baseParams['__YKVAL_SYNC_RESYNC_TIMEOUT__'] = 30; // Specify how old entries in the database should be considered aborted attempts $baseParams['__YKVAL_SYNC_OLD_LIMIT__'] = 10; // These are settings for the validation server. $baseParams['__YKVAL_SYNC_FAST_LEVEL__'] = 1; $baseParams['__YKVAL_SYNC_SECURE_LEVEL__'] = 40; $baseParams['__YKVAL_SYNC_DEFAULT_LEVEL__'] = 60; $baseParams['__YKVAL_SYNC_DEFAULT_TIMEOUT__'] = 1; // A key -> value array with curl options to set // when calling URLs defined in __YKVAL_SYNC_POOL__ $baseParams['__YKVAL_SYNC_CURL_OPTS__'] = array( //CURLOPT_PROTOCOLS => CURLPROTO_HTTP, ); // A key -> value array with curl options to set // when calling URLs returned by otp2ksmurls() $baseParams['__YKVAL_KSM_CURL_OPTS__'] = array( //CURLOPT_PROTOCOLS => CURLPROTO_HTTP, ); // Returns an array of YK-KSM URLs for decrypting $otp for $client. // The URLs must be fully qualified, i.e., containing the OTP itself. function otp2ksmurls ($otp, $client) { //if ($client == 42) { // return array("https://another-ykkms.example.com/wsapi/decrypt?otp=$otp"); //} //if (preg_match("/^dteffujehknh/", $otp)) { // return array("https://different-ykkms.example.com/wsapi/decrypt?otp=$otp"); //} return array( // "https://ykkms1.example.com/wsapi/decrypt?otp=$otp", // "https://ykkms2.example.com/wsapi/decrypt?otp=$otp", "http://127.0.0.1:8002/wsapi/decrypt?otp=$otp", ); }