Yubico Forum

All times are UTC + 1 hour




 Post subject: YMS Setup Help
Posted: Tue Feb 10, 2009 11:53 am

Joined: Tue Feb 10, 2009 11:43 am
Posts: 5
First timer .. so please bear with me..

So I have set up all the validation server components and have the yms server index page working.
I have some questions about setting up the admin key and the config.php parameters:

// OTP from your admin key you are to use to log in to KMS
// Eg. $otp = 'gklhtdkvrbfnbuicngergckgdfvfrbfjfhgiffghcithv';

How do I generate this OTP? Just plug the key in, switch focus to notepad or something and press the YubiKey to generate the key?

// Admin PIN as the 2nd factor of auth
//Eg. $pin = '12345678';
$pin = '12345678';

Guessing I can use any random string of integers

// This is the AES secret inside your key
// Eg. $aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ==';
$aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ==';

Where do I get this from?



 Post subject: Re: YMS Setup Help
Posted: Tue Feb 10, 2009 12:32 pm
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
Here are answers to your questions:

    1) You can generate an OTP exactly the same way you have mentioned. After generating the OTP in Notepad, you can paste it into the config.php file.

    2) You can use any random string of integers.

    3) You can securely revoke or activate your keys, retrieve or reset the YubiKey ID, AES secret key, etc. from the YMS server if you have client admin rights for the YMS server.

    To enable the client admin rights, send the following information to "yms@yubico.com":

      a) 2 consecutive OTPs from one of your YubiKeys that you want to use to access the YubiKey Management System to manage your own YubiKeys and client information.

      b) PayPal transaction details of the YubiKey purchase.

Feel free to write back to us in case you face any problems.


 Post subject: Re: YMS Setup Help
Posted: Wed Feb 11, 2009 11:05 am

Joined: Tue Feb 10, 2009 11:43 am
Posts: 5
OK.. So now that I have the secret AES key, I have modified the config.php and have loaded the data into the database using the install.php script. I included the AES in b64 format.

When I now access the validation server and provide the Yubico OTP using the key nothing happens. The login page simply gets re-loaded; almost like it does not like the OTP. Any ideas? Are there any logs I can look at to see what is happening?


 Post subject: Re: YMS Setup Help
Posted: Wed Feb 11, 2009 2:52 pm

Joined: Tue Feb 10, 2009 11:43 am
Posts: 5
Got a little further by debugging the php code..

Now the login.php script fails because the $_SESSION['keyid'] field is not set.. so the query against the admin table to verify the pin fails. Any idea how to fix this?

I am running on IIS 7 / W2K8 32bit and using the php validation server.


 Post subject: Re: YMS Setup Help
Posted: Wed Feb 11, 2009 3:34 pm

Joined: Tue Feb 10, 2009 11:43 am
Posts: 5
I added a session_start() command at the beginning of yubiphpbase/appinclude.php and now the session variables are being carried over from screen to screen and I am able to log into the app.

I am including the first few lines from the file .. including the change I made highlighted in blue

<?php require_once '../yubico-php-lib/AES128.php';
require_once 'config.php';

session_start();

$devMode = false;
$debug = true;
//$announcement = 'Site under maintenance, will be back in a few hours...';
$announcement = '';



Could somebody from Yubico please verify that this is really a bug and that the change I have made is the fix for it?

Thanks,


 Post subject: Re: YMS Setup Help
Posted: Thu Feb 12, 2009 6:09 am

Joined: Wed Feb 11, 2009 11:42 am
Posts: 4
A session_start() is definitively missing somewhere.
If it is placed there, the login works great, but then at least I get:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /var/www/kms/all_keys.php:5) in /var/www/yubiphpbase/appinclude.php on line 3
just above the
"There are 1 active keys, 0 inactive keys."


 Post subject: Re: YMS Setup Help
Posted: Thu Feb 12, 2009 2:57 pm
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
We are working on the issue and we will update you soon.


 Post subject: Re: YMS Setup Help
Posted: Fri Feb 13, 2009 11:30 am
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
We would appreciate it if you could check whether the auto session is enabled for PHP.

Please follow the steps below to check if the auto session property is enabled:

    1) Open the php.ini file
    2) Check if "session.auto_start" is set to 1 (session.auto_start = 1)

If session.auto_start is not set to 1, please set its value to 1 and test again.

Feel free to write back to us in case you face any problems.


 Post subject: Re: YMS Setup Help
Posted: Fri Feb 13, 2009 2:06 pm

Joined: Wed Feb 11, 2009 11:42 am
Posts: 4
Setting

session.auto_start = 1

definitively solved it for me.


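Added example, not part of the thread and not Yubico's code: a guarded session start for an include such as yubiphpbase/appinclude.php that works whether or not session.auto_start is set, and that reports the "headers already sent" condition from the warning above instead of triggering it. The function names start_admin_session() and mark_admin_logged_in() are hypothetical, and the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
// Added example: hypothetical helpers, not part of yubiphpbase.
// This file must be included before any output is sent (no whitespace,
// BOM or HTML before the opening tag of any earlier file).

function start_admin_session(): bool
{
    // Already active, e.g. because session.auto_start = 1 in php.ini.
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;
    }
    // The session cookie travels in an HTTP header; once output has begun
    // it can no longer be sent, which is the "headers already sent" warning.
    if (headers_sent($file, $line)) {
        error_log("session not started: output began at $file:$line");
        return false;
    }
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,                       // cookie ends with the browser session
        'path'     => '/',
        // IIS reports HTTPS as 'off' for plain HTTP requests.
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,                    // not readable from JavaScript
        'samesite' => 'Strict',
    ]);
    return session_start();
}

// Call only after the OTP and the PIN have both been verified.
// $keyId is whatever identifier the login code resolved for the admin key.
function mark_admin_logged_in(string $keyId): void
{
    session_regenerate_id(true);   // new ID on privilege change, old one deleted
    $_SESSION['keyid'] = $keyId;
}

if (!start_admin_session()) {
    exit('Session could not be started; see the error log.');
}
```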