mirror of
https://github.com/Yubico/yubikey-val.git
synced 2025-02-27 06:54:16 +01:00
f24aed77a6
Only $req_answers sync peers would get polled. When $req_answers is less than $nr_servers, some servers (that return replayed counters) will get ignored, since retrieveURLasync() stops after $req_answers responses. The fix requires $nr_servers responses from retrieveURLasync, causing all sync peers to get polled and processed by sync(). This arrangement also allows a two-server sync pool to operate when one peer is gone or unreachable, something that cannot be done before these modifications. Set the sync_level to 0, which means "try everyone, but if you get no valid responses, it's okay to proceed". Prior to the modifications, it means "don't even try syncing". Also, added ykval-cron, which can be fired off from a cron job to make sure ykval-queue stays running. This is example code, as your enviroment and usernames may differ.
== YubiKey OTP Validation Server == The YubiKey Validation Server (YK-VAL) is a server that validates Yubikey One-Time Passwords (OTPs). YK-VAL is written in PHP, for use behind web servers such as Apache. General ------- The server implements the Yubico API protocol as defined in doc/ValidationProtocol* and further documentation is also available in the doc/ subdirectory. This server talks to a KSM service for decrypting the OTPs, to avoid storing any AES keys on the validation server. One implementation of this service is the https://developers.yubico.com/yubikey-ksm[YubiKey-KSM], and another implementation using the YubiHSM hardware is https://developers.yubico.com/python-pyhsm[PyHSM]. Note that version 1.x is a minimal centralized server. Version 2.x is a replicated system that uses multiple machines. License ------- The project is licensed under a BSD license. See the file COPYING for exact wording. For any copyright year range specified as YYYY-ZZZZ in this package note that the range specifies every single year in that closed interval.