Yubico Forum

Re: YMS Setup Help

2009-02-13T14:06:01+01:00

Setting

session.auto_start = 1

definitively solved it for me.

Statistics: Posted by %%USERNAME%% — Fri Feb 13, 2009 2:06 pm

Re: YMS Setup Help

2009-02-13T11:30:39+01:00

We would appreciate if you can check whether the auto session is enabled for PHP.

Please follow the steps below to check if auto session property is enabled:

If session.auto_start is not set to 1, please set its value to 1 and test again.

Feel free to write back to us in case you face any problems.

Statistics: Posted by network-marvels — Fri Feb 13, 2009 11:30 am

Re: YMS Setup Help

2009-02-12T14:57:00+01:00

We are working on the issue and we will update you soon.

Statistics: Posted by network-marvels — Thu Feb 12, 2009 2:57 pm

Re: YMS Setup Help

2009-02-12T06:09:05+01:00

A session_start() is defnitively missing somewhere.
If it is placed there, the login works great, but then atleast I get:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /var/www/kms/all_keys.php:5) in /var/www/yubiphpbase/appinclude.php on line 3
just above the
"There are 1 active keys, 0 inactive keys.

Statistics: Posted by %%USERNAME%% — Thu Feb 12, 2009 6:09 am

Re: YMS Setup Help

2009-02-11T15:34:49+01:00

I added a session_start() command at the beginning of yubiphpbase/appinclude.php and now the session variables are being carried over from screen to screen and I am able to log into the app.

I am including the first few lines from the file .. including the change I made highlighted in blue

require_once 'config.php';
session_start();

$devMode = false;
$debug = true;
//$announcement = 'Site under maintenance, will be back in a few hours...';
$announcement = '';

Could somebody from yubico please verify that this is really a bug and that the change I have made is the fix for it?

Thanks,

Statistics: Posted by marcose — Wed Feb 11, 2009 3:34 pm

Re: YMS Setup Help

2009-02-11T14:52:03+01:00

Got a little further by debugging the php code..

Now the login.php script failes because the $_SESSION['keyid'] field is not set.. so the query against the admin table to verify the pin fails. Any idea how to fix this ?

I am running on IIS 7 / W2K8 32bit and using the php validation server.

Statistics: Posted by marcose — Wed Feb 11, 2009 2:52 pm

Re: YMS Setup Help

2009-02-11T11:05:00+01:00

OK.. So now that I have the secret AES key, i have modified the config.php and have loaded the data into the database using the install.php script. I included the AES in b64 format.

When I now access the validation server and provide the yubico OTP using the key nothing happens. The login page simply gets re-loaded; almost like it does not like the otp. Any ideas ? Are there any logs I can look at to see what is happening?

Statistics: Posted by marcose — Wed Feb 11, 2009 11:05 am

Re: YMS Setup Help

2009-02-10T12:32:57+01:00

Here are answers to your questions:

Feel free to write back to us in case you face any problems.

Statistics: Posted by network-marvels — Tue Feb 10, 2009 12:32 pm

YMS Setup Help

2009-02-10T11:53:21+01:00

First timer .. so please bear with me..

So I have setup all the validation server components and have the yms server index page working.
I have some questions about setting up the admin key and the config.php parameters:

// OTP from your admin key you are to use to log in to KMS
// Eg. $otp = 'gklhtdkvrbfnbuicngergckgdfvfrbfjfhgiffghcithv';
How do I generate this OTP ? Just plug the key in, switch focus to notepad or something and press the yubikey to generate the key ?

// Admin PIN as the 2nd factor of auth
//Eg. $pin = '12345678';
$pin = '12345678';
Guessing I can use any random string of integers

// This is the AES secret inside your key
// Eg. $aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ==';
$aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ==';
Where do I get this from?

Statistics: Posted by marcose — Tue Feb 10, 2009 11:53 am