Yubico Forum https://forum.yubico.com/ |
two keys - php - webapi password genned problem https://forum.yubico.com/viewtopic.php?f=3&t=88 |
Author: | julian46 [ Mon Jun 09, 2008 8:42 pm ] |
Post subject: | two keys - php - webapi password genned problem |
Hi - I have two Yubikeys and want two-factor authentication to my customer tracking site (for my partner and myself). I guess I don't understand what the website-generated API ID does and how it relates to the OTP from the key. I am using Simon's PHP class code to do the authentication. I thought the Web API genned ID was unique to the individual Yubikey - but whether I use the ID generated for my Yubikey or the ID generated for my partner's Yubikey and the OTP generated in real time by either Yubikey - it passes and allows the login. (The OTP authentication is working properly but seems to be independent of the API ID.) So it is working - and you must use a Yubikey to log in - but I want to tighten it to assign the API ID to a specific user, then to be checked against the OTP in real time from the Yubikey. Thanks - great device |
Author: | julian46 [ Mon Jun 09, 2008 9:57 pm ] |
Post subject: | Re: two keys - php - webapi password genned problem |
OK, I figured it out (I think - correct me if I'm wrong). The website genned ID is only used to pull up the shared key used when verifying the OTP against the website. I realize that I must also store the unique Yubikey ID (the first 12 chars of the OTP that doesn't change) in my SQL db and search for that too - and verify it against my server-side stored username and password and retrieve the website API genned ID (all first, before I fire off the OTP to the Yubico website for final verification). Thanks - it's now working exactly as hoped - awesome |
Author: | Simon [ Tue Jun 10, 2008 9:29 am ] |
Post subject: | Re: two keys - php - webapi password genned problem |
Yes, there are a couple of different IDs involved, including at least:
Web Service Client ID: used with the API key id to generate signatures and validate responses from our server. You can generate a new client id and api key from our web pages. We require a valid yubikey output to prevent people from spamming the database.
External ID: The static 12 modhex characters (6 bytes) output as prefix for every output. Allocated randomly.
Internal ID: The static 6 bytes in the encrypted OTP part. Allocated randomly, not the same as the external id.
Hope this helps. /Simon |
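The binding check described in the thread, as an added example that is not part of the original posts or of Simon's PHP class: it extracts the static 12-character external ID from a 44-character modhex OTP and compares it with the ID enrolled for the user, before the OTP is sent to the validation service. The function names, the `$bindings` array (standing in for the SQL lookup), the usernames and the sample OTP are all constructed for illustration.

```php
<?php
// Added example: bind a YubiKey's external (public) ID to a user account.
// Run this check before sending the OTP to the validation service.

// 12-character external ID followed by the 32-character encrypted part,
// all drawn from the modhex alphabet.
const MODHEX_OTP = '/^[cbdefghijklnrtuv]{44}$/';

// Returns the static 12-character prefix, or null when the input is not
// a well-formed 44-character modhex OTP.
function yubikey_public_id(string $otp): ?string
{
    $otp = strtolower(trim($otp));
    if (preg_match(MODHEX_OTP, $otp) !== 1) {
        return null;
    }
    return substr($otp, 0, 12);
}

// $bindings is a hypothetical stand-in for the database table that maps
// username => enrolled external ID.
function otp_belongs_to_user(array $bindings, string $username, string $otp): bool
{
    $publicId = yubikey_public_id($otp);
    if ($publicId === null || !isset($bindings[$username])) {
        return false;
    }
    // Constant-time comparison of the enrolled ID and the presented one.
    return hash_equals($bindings[$username], $publicId);
}

// Constructed sample data: two users, each enrolled with a different key.
$bindings = [
    'alice' => 'ccccccdefghi',
    'bob'   => 'ccccccijklnr',
];
// Constructed OTP: alice's external ID plus 32 arbitrary modhex characters.
$otp = 'ccccccdefghi' . 'jklnrtuvcbdefghijklnrtuvcbdefghi';

var_dump(otp_belongs_to_user($bindings, 'alice', $otp));        // OTP from alice's own key
var_dump(otp_belongs_to_user($bindings, 'bob', $otp));          // alice's key presented for bob
var_dump(otp_belongs_to_user($bindings, 'alice', 'not-an-otp')); // malformed input
```

A passing check only shows that the OTP came from the key enrolled for that user; the OTP itself still has to be verified by the validation service, since the external ID is static and visible in every output.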
All times are UTC + 1 hour |