authyubikey Plugin

Compatible with DokuWiki

  • 2017-02-19 "Frusterick Manners" unknown
  • 2016-06-26 "Elenor Of Tsort" yes
  • 2015-08-10 "Detritus" yes
  • 2014-09-29 "Hrun" yes

Plain Auth plugin with Yubikey two-factor identification via OTP

Last updated on: 2017-01-03
Provides: Auth
Repository: Source

Tagged with authentication, otp, yubikey

This plugin extends the plain authentication of DokuWiki with two-factor authentication based on the Yubikey by Yubico. A Yubikey generates a one-time password, which the Yubico servers can check for validity.

Prerequisites

You have to ensure that your PHP installation supports PEAR and curl (i.e. php-pear and php5-curl must be installed on Debian-based systems). If you don't have shell access to your server, you can check via phpinfo() whether these modules are installed on your system.

Installation

Install the plugin using the Plugin Manager and the download URL above, which points to the latest version of the plugin. Refer to Plugins on how to install plugins manually.

Configuration and Settings

First of all you must set authtype to authyubikey in the Configuration Manager. Of course you can also set this parameter by editing conf/local.php or conf/local.protected.php:

$conf['authtype'] = 'authyubikey';

Then you have to set the following parameters in the plugin section of the Configuration Manager:

  1. yubico_client_id: Your client ID given by Yubico (see https://upgrade.yubico.com/getapikey/ for more information).
  2. yubico_secret_key: The secret key belonging to the above-mentioned client ID.
  3. yubico_maxkeys: A user can have more than one Yubikey. This plugin can handle up to 5 different Yubikeys per user. With this parameter you can define the desired number for your DokuWiki instance.

conf/local.php
$conf['plugin']['authyubikey']['yubico_client_id']  = 12345;
$conf['plugin']['authyubikey']['yubico_secret_key'] = 'secret_key_from_yubico';
$conf['plugin']['authyubikey']['yubico_maxkeys']    = 2;

Furthermore, it is important that every user can update their own profile, so the parameter disableactions must not contain the value profile. Alternatively, if you are using the Configuration Manager, you must ensure that the checkbox Update profile of the config item disableactions is not checked.

Now the user can update their user profile and add their personal Yubikey IDs. In the Update profile form, the user places the cursor in the Yubikey ID field and presses the button on the Yubikey. The first 12 characters of the generated one-time password are saved in a new configuration file, conf/users.yubikeys.php. This file has the simple format:

login:Yubikey ID

This way, a certain Yubikey is bound to a specific user login. From now on, this user can only log in by giving username and password and pressing the Yubikey. A Yubikey can be deleted from the user profile by simply leaving the Yubikey ID field empty in the Update profile form.

If no Yubikey ID is saved for a user, that user can log in with username and password alone. Your users can therefore decide whether they want to secure their accounts with two-factor identification.
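Because enrolment is optional, an administrator may want to list the accounts that are still password-only. The following audit script is an added example, not part of the plugin: it assumes the standard DokuWiki plain-auth layout of conf/users.auth.php (login as the first colon-separated field, # comment lines) and that several key IDs for one login appear either colon-separated or on repeated lines, which this page does not specify. The sample data is constructed.

```python
import re

# A Yubikey ID as stored by the plugin: the first 12 characters of an OTP,
# which Yubico encodes in the 16-letter "modhex" alphabet.
MODHEX_ID = re.compile(r"[cbdefghijklnrtuv]{12}")

def _records(text):
    """Yield (login, rest) per data line, skipping blanks and # comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            login, _, rest = line.partition(":")
            yield login, rest

def parse_yubikeys(text):
    """Map login -> list of key IDs (assumed ':'-separated or repeated lines)."""
    keys = {}
    for login, rest in _records(text):
        keys.setdefault(login, []).extend(k for k in rest.split(":") if k)
    return keys

def audit(users_auth_text, yubikeys_text):
    """Compare the user list with the Yubikey bindings and report gaps."""
    logins = [login for login, _ in _records(users_auth_text)]
    keys = parse_yubikeys(yubikeys_text)
    return {
        # Accounts that can still log in with username and password alone.
        "password_only": [u for u in logins if not keys.get(u)],
        # Stored IDs that cannot be the 12-character prefix of a Yubico OTP.
        "malformed": sorted((u, k) for u, ids in keys.items()
                            for k in ids if not MODHEX_ID.fullmatch(k)),
        # Bindings left behind for logins that no longer exist.
        "orphaned": sorted(u for u in keys if u not in logins),
    }

# Constructed sample data, standing in for the two files under conf/.
SAMPLE_USERS = """\
# users.auth.php
# <?php exit()?>
alice:CONSTRUCTED_HASH:Alice Example:alice@example.org:admin,user
bob:CONSTRUCTED_HASH:Bob Example:bob@example.org:user
carol:CONSTRUCTED_HASH:Carol Example:carol@example.org:user
"""
SAMPLE_YUBIKEYS = "alice:ccccccbcgujh\ncarol:\ndave:ccccccbcgujx\n"

if __name__ == "__main__":
    for finding, entries in audit(SAMPLE_USERS, SAMPLE_YUBIKEYS).items():
        print(finding, entries)
```

For a real wiki, pass the contents of conf/users.auth.php and conf/users.yubikeys.php to audit() instead of the sample strings.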

Change Log

FAQ

None yet.

plugin/authyubikey.txt · Last modified: 2017-01-03 15:45 by 88.152.213.23