mod_authn_yubikey provides the following configuration directives:
- AuthYubiKeyTimeout (Default 43200 seconds [12h])
- AuthYubiKeyTmpFile (Default conf/ykTmpDb)
- AuthYubiKeyUserFile (Default conf/ykUserDb)
- AuthYubiKeyRequireSecure (Default On)
- AuthYubiKeyExternalErrorPage (Default Off)
These are explained in the following sections.
------------------------
August 2008, 31st by Jens Frey

The AuthYubiKeyTimeout directive specifies an absolute timeout,
counted from the user's last login. This means that if the timeout is
set to 120 seconds, the user has to log in again after 120 seconds
of using the page. This is a hard timeout which is not renewed while
the user is working with the page.
The default value is 43200 seconds (12h).

The AuthYubiKeyTmpFile directive specifies the temporary file
which is used to store authenticated users. If a user successfully
authenticates, the authentication time is stored within this
file. It is used to determine when the user last logged in.
The default value is $SERVER_ROOT/conf/ykTmpDb.
If you specify the location of the file yourself, keep in mind
that if you configure it to /tmp on UNIX systems, possibly
everyone can view that file.

The AuthYubiKeyUserFile directive specifies the file which holds
the tokenid/username mapping. Additionally, users must be present
with their Yubikey id within this file to access the site
protected by mod_authn_yubikey.
The default value is $SERVER_ROOT/conf/ykUserDb.

The AuthYubiKeyRequireSecure directive ensures that users are
using https with your selected target. This is especially useful if
you are authenticating users with two factors (password AND
yubikey), since the password and the token itself are just Base64
encoded when they are sent back to the server authenticating the
user.
The default value is On (secure connection required).

The AuthYubiKeyExternalErrorPage directive lets you specify
an error page different from the built-in error page, so that you
are able to design your own. By using the ErrorDocument
directive within your configuration you can even redirect the user
to a site not residing on your machine.
The default value is Off (built-in error page used).
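
The following is an added example, not part of the module or its documentation: a small audit that applies the defaults listed above to a configuration snippet and flags the two risks described, a disabled AuthYubiKeyRequireSecure and a database file under /tmp. The sample configuration is constructed, the /var/tmp entry is an assumption, and extending the /tmp warning from AuthYubiKeyTmpFile to AuthYubiKeyUserFile goes beyond what the text states.

```python
import re

# Defaults as documented on this page (file paths relative to $SERVER_ROOT).
DEFAULTS = {
    "AuthYubiKeyTimeout": "43200",
    "AuthYubiKeyTmpFile": "conf/ykTmpDb",
    "AuthYubiKeyUserFile": "conf/ykUserDb",
    "AuthYubiKeyRequireSecure": "On",
    "AuthYubiKeyExternalErrorPage": "Off",
}
SHARED_TMP = ("/tmp/", "/var/tmp/")  # assumption: typical world-accessible dirs

def effective_settings(conf_text):
    """Return the documented defaults overridden by directives in conf_text."""
    settings = dict(DEFAULTS)
    # Apache directive names are case-insensitive, so match on lowercase.
    canonical = {name.lower(): name for name in DEFAULTS}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'(\S+)\s+"?([^"]*?)"?\s*$', line)
        if m and m.group(1).lower() in canonical:
            settings[canonical[m.group(1).lower()]] = m.group(2)
    return settings

def audit(conf_text):
    """Flag cleartext transport and database files in shared temp dirs."""
    s = effective_settings(conf_text)
    findings = []
    if s["AuthYubiKeyRequireSecure"].lower() != "on":
        findings.append("AuthYubiKeyRequireSecure is not On: "
                        "credentials travel Base64-encoded over plain HTTP")
    for name in ("AuthYubiKeyTmpFile", "AuthYubiKeyUserFile"):
        if s[name].startswith(SHARED_TMP):
            findings.append(f"{name} {s[name]} is in a shared temp directory")
    return findings

# Constructed sample configuration, not taken from the module's documentation.
SAMPLE = """
# protected area
AuthYubiKeyTimeout 120
AuthYubiKeyTmpFile /tmp/ykTmpDb
authyubikeyrequiresecure Off
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```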