Yubico Forum
https://forum.yubico.com/

YMS Setup Help
https://forum.yubico.com/viewtopic.php?f=5&t=255		 Page 1 of 1
Author:  marcose [ Tue Feb 10, 2009 11:53 am ]
Post subject:  YMS Setup Help
First timer .. so please bear with me..

So I have setup all the validation server components and have the yms server index page working.
I have some questions about setting up the admin key and the config.php parameters:

// OTP from your admin key you are to use to log in to KMS
// Eg. $otp = 'gklhtdkvrbfnbuicngergckgdfvfrbfjfhgiffghcithv';
How do I generate this OTP ? Just plug the key in, switch focus to notepad or something and press the yubikey to generate the key ?

// Admin PIN as the 2nd factor of auth
//Eg. $pin = '12345678';
$pin = '12345678';
Guessing I can use any random string of integers

// This is the AES secret inside your key
// Eg. $aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ==';
$aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ==';
Where do I get this from?
Author:  network-marvels [ Tue Feb 10, 2009 12:32 pm ]
Post subject:  Re: YMS Setup Help
Here are answers to your questions:

    1) You can generate an OTP exactly the same way you have mentioned. After generating the OTP on notepad, you can paste it to the config.php file

    2) You can use any random string of integers

    3) You can securely revoke, activate your keys, retrieve or reset the YubiKey ID, AES secret key, etc. from the YMS server if you have client admin rights for the YMS server.

    To enable the client admin rights send following information to "yms@yubico.com":

      a) 2 consecutive OTPs from one of your YubiKey that you want to use to access the YubiKey Management System to manage your own YubiKeys and client information.

      b) Paypal transaction details of YubiKey purchase.

Feel free to write back to us in case you face any problems.
Author:  marcose [ Wed Feb 11, 2009 11:05 am ]
Post subject:  Re: YMS Setup Help
OK.. So now that I have the secret AES key, i have modified the config.php and have loaded the data into the database using the install.php script. I included the AES in b64 format.

When I now access the validation server and provide the yubico OTP using the key nothing happens. The login page simply gets re-loaded; almost like it does not like the otp. Any ideas ? Are there any logs I can look at to see what is happening?
Author:  marcose [ Wed Feb 11, 2009 2:52 pm ]
Post subject:  Re: YMS Setup Help
Got a little further by debugging the php code..

Now the login.php script failes because the $_SESSION['keyid'] field is not set.. so the query against the admin table to verify the pin fails. Any idea how to fix this ?

I am running on IIS 7 / W2K8 32bit and using the php validation server.
Author:  marcose [ Wed Feb 11, 2009 3:34 pm ]
Post subject:  Re: YMS Setup Help
I added a session_start() command at the beginning of yubiphpbase/appinclude.php and now the session variables are being carried over from screen to screen and I am able to log into the app.

I am including the first few lines from the file .. including the change I made highlighted in blue

<?php require_once '../yubico-php-lib/AES128.php';
require_once 'config.php';
session_start();

$devMode = false;
$debug = true;
//$announcement = 'Site under maintenance, will be back in a few hours...';
$announcement = '';


Could somebody from yubico please verify that this is really a bug and that the change I have made is the fix for it?

Thanks,
Author:  %%USERNAME%% [ Thu Feb 12, 2009 6:09 am ]
Post subject:  Re: YMS Setup Help
A session_start() is defnitively missing somewhere.
If it is placed there, the login works great, but then atleast I get:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /var/www/kms/all_keys.php:5) in /var/www/yubiphpbase/appinclude.php on line 3
just above the
"There are 1 active keys, 0 inactive keys.
Author:  network-marvels [ Thu Feb 12, 2009 2:57 pm ]
Post subject:  Re: YMS Setup Help
We are working on the issue and we will update you soon.
Author:  network-marvels [ Fri Feb 13, 2009 11:30 am ]
Post subject:  Re: YMS Setup Help
We would appreciate if you can check whether the auto session is enabled for PHP.

Please follow the steps below to check if auto session property is enabled:

    1) Open the php.ini file
    2) Check if "session.auto_start" is set to 1 (session.auto_start = 1)

If session.auto_start is not set to 1, please set its value to 1 and test again.

Feel free to write back to us in case you face any problems.
Author:  %%USERNAME%% [ Fri Feb 13, 2009 2:06 pm ]
Post subject:  Re: YMS Setup Help
Setting

session.auto_start = 1

definitively solved it for me.
Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/