Compatible with DokuWiki
- 2020-07-29 "Hogfather" no
- 2018-04-22 "Greebo" no
- 2017-02-19 "Frusterick Manners" no
- 2016-06-26 "Elenor Of Tsort" yes
This plugin extends the plain authentication of DokuWiki with two-factor authentication based on the Yubikey by Yubico. A Yubikey generates a one-time password whose validity can be checked by Yubico's servers.
You have to ensure that your PHP installation supports PEAR and curl (i.e. php-pear and php5-curl must be installed on Debian-based systems). If you don't have shell access to your server, you can check via phpinfo() whether these modules are installed on your system.
Configuration and Settings
First of all you must set authtype to authyubikey in the Configuration Manager. Of course you can also set this parameter by editing conf/local.php or conf/local.protected.php:
$conf['authtype'] = 'authyubikey';
Then you have to set the following parameters in the plugin section of the Configuration Manager:
- yubico_client_id: Your client id given by Yubico (see https://upgrade.yubico.com/getapikey/ for more information).
- yubico_secret_key: The secret key belonging to the above mentioned client id.
- yubico_maxkeys: A user can have more than one Yubikey. This plugin can handle up to 5 different Yubikeys per user; with this parameter you define the desired number for your DokuWiki instance.
$conf['plugin']['authyubikey']['yubico_client_id'] = 12345;
$conf['plugin']['authyubikey']['yubico_secret_key'] = 'secret_key_from_yubico';
$conf['plugin']['authyubikey']['yubico_maxkeys'] = 2;
Furthermore, it is important that every user can update his own profile, so the parameter disableactions must not contain the value profile. Alternatively, if you are using the Configuration Manager, you must ensure that the checkbox Update profile of the config item disableactions is not checked.
Now the user can update his user profile and add his personal Yubikey IDs. In the Update profile form the user selects the Yubikey ID field and presses the button on the Yubikey. The first 12 characters of the generated one-time password are saved in a new configuration file conf/users.yubikeys.php. This file has the simple format
This way, a certain Yubikey is bound to a specific user login. From now on, this user can only log in by giving username and password and pressing the Yubikey. A Yubikey can be deleted from the user profile by simply leaving the Yubikey ID field empty in the Update profile form.
If there is no Yubikey ID saved for a user, the user can log in with just his username and password. So your users can decide whether they want to secure their accounts with two-factor authentication.
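The login rule described above, as an added PHP example (not the plugin's own code): the 12-character Yubikey ID is taken from the submitted one-time password and compared with the IDs bound to the user before the password is sent for validation, so a valid password from someone else's key is refused. The function names, the in-memory `$keys` array and the `$verifyOtp` callback are assumptions, and the 44-character check assumes a Yubikey in its default configuration with a 12-character public ID.

```php
<?php
// Added example: all names and sample data are hypothetical, not the plugin's code.

// Default Yubico OTP: 12-char public ID + 32-char encrypted part, modhex alphabet.
const MODHEX_OTP = '/^[cbdefghijklnrtuv]{44}$/';

/** Return the 12-character Yubikey ID of an OTP, or null if the OTP is malformed. */
function yubikeyIdFromOtp(string $otp): ?string
{
    $otp = strtolower(trim($otp));
    return preg_match(MODHEX_OTP, $otp) === 1 ? substr($otp, 0, 12) : null;
}

/**
 * Second-factor decision for a user whose password was already verified.
 * $registeredIds: Yubikey IDs bound to this user (empty array = none bound).
 * $verifyOtp:     callable(string $otp): bool asking the validation service.
 */
function secondFactorOk(array $registeredIds, string $otp, callable $verifyOtp): bool
{
    if ($registeredIds === []) {
        return true;   // no Yubikey bound: username and password are enough
    }
    $id = yubikeyIdFromOtp($otp);
    if ($id === null || !in_array($id, $registeredIds, true)) {
        return false;  // malformed OTP, or a key that is not bound to this user
    }
    return (bool) $verifyOtp(strtolower(trim($otp)));  // only now ask the service
}

// Constructed sample data: alice has one bound key, bob has none.
$keys = ['alice' => ['ccccccbchvth'], 'bob' => []];

// Stand-in for the call to Yubico's servers; it accepts everything so that
// the binding check is the only thing deciding the outcome below.
$alwaysValid = function (string $otp): bool {
    return true;
};

$tail    = str_repeat('djeifkhj', 4);   // constructed 32-char encrypted part
$ownOtp  = 'ccccccbchvth' . $tail;      // from alice's bound key
$foreign = 'ccccccdefghi' . $tail;      // from a key bound to nobody here

var_dump(secondFactorOk($keys['alice'], $ownOtp, $alwaysValid));
var_dump(secondFactorOk($keys['alice'], $foreign, $alwaysValid));
var_dump(secondFactorOk($keys['alice'], '', $alwaysValid));
var_dump(secondFactorOk($keys['bob'], '', $alwaysValid));
```

In a real deployment the callback would wrap the validation request made with yubico_client_id and yubico_secret_key.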
- Actualized Yubico's PHP library (2017-01-03 15:36)
- Corrected the release date (2016-02-03 07:52)
- Updated plugin.info.txt with new version information (2016-01-29 13:45)
- Merge pull request #1 from splitbrain-forks/php7-signature (2016-01-28 21:31)
- Adjust method signatures to match parent (2016-01-22 17:29)
- Added some more error translations. (2014-12-27 19:00)
- Merge branch 'master' of https://github.com/gdirch/authyubikey (2014-12-27 18:19)
- Corrected an error in the hook functions. I've forgotten to check, (2014-12-27 18:16)