yubiserver is a simple and lightweight Yubikey OTP and HOTP/OATH validation server for use with Yubico's Yubikey USB tokens. It includes a powerful administration tool, yubiserver-admin, with which you can manage yubiserver's database by adding, deleting, activating and deactivating users that validate with OTP or HOTP/OATH tokens.
Download
The yubiserver tarball. Install by issuing 'configure && make install'.
Packages are known to be available for Debian through its package management system.
Synopsis
yubiserver [Options]
Options
- --version, -V
- Print version information.
- --help, -h
- Print this help screen.
- --database, -d
- Use this SQLite3 database file.
- --port, -p
- Port to bind the server. Default port is 8000.
- --logfile, -l
- Use this as logfile. Default is '/var/log/yubiserver.log'.
yubiserver-admin [[-b FILE]] [table] [Options] [[attributes]]
Options
- --version, -V
- Print version information.
- --help, -h
- Print this help screen.
- --database, -b
- Use this SQLite3 database file.
- --yubikey, -y
- Choose Yubikey Token table.
- --oauth, -o
- Choose OATH Token table.
- --api, -p
- Choose API Key table.
- --add N [P S [A]], -a N [P S [A]]
- Add Yubikey OTP & HOTP/OATH token or API Key 'N' user, where N is the username, P the Public Token ID, S the Secret ID and A the AES Key. N must be 16 characters max. P must be 12 characters for Yubikey OTP and 12 characters max for HOTP/OATH. S must be 12 characters for Yubikey OTP and 40 for HOTP/OATH, and the AES key must be 32 characters. Adding a user to API keys requires a username and an API Key 20 characters long.
- --delete N, -x N
- Delete Yubikey OTP, HOTP/OATH token or API Key 'N' user.
- --enable N, -e N
- Enable Yubikey OTP, HOTP/OATH token or API Key 'N' user.
- --disable N, -d N
- Disable Yubikey OTP, HOTP/OATH token or API Key 'N' user.
- --list, -l
- List Yubikey OTP, HOTP/OATH token or API Key 'N' user.
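A pre-flight check for the values passed to `yubiserver-admin --add`, as an added example that is not part of yubiserver. The lengths are those listed for --add above; the function names and the character sets (modhex for the Yubikey public ID, hexadecimal for the secret IDs and the AES key) are assumptions based on the usual Yubico token formats.

```shell
#!/bin/sh
# Added example, not part of yubiserver. Lengths come from the --add text;
# the character sets are assumptions (usual Yubico token formats).

# Succeed only for a non-empty string made of hex digits / modhex letters.
is_hex()    { case $1 in '' | *[!0-9a-fA-F]*) return 1 ;; esac; }
is_modhex() { case $1 in '' | *[!cbdefghijklnrtuv]*) return 1 ;; esac; }

# check_add_args TABLE N P [S [A]]   (TABLE: yubikey, oath or api)
# Prints the first problem found and returns 1; returns 0 if all values fit.
check_add_args() {
    t=${1-} n=${2-} p=${3-} s=${4-} a=${5-}
    # N: username, 16 characters max, for every table
    if [ -z "$n" ] || [ "${#n}" -gt 16 ]; then
        echo "N: need 1 to 16 characters"; return 1
    fi
    case $t in
    yubikey)
        [ "${#p}" -eq 12 ] && is_modhex "$p" ||
            { echo "P: need 12 modhex characters"; return 1; }
        [ "${#s}" -eq 12 ] && is_hex "$s" ||
            { echo "S: need 12 hex characters"; return 1; }
        [ "${#a}" -eq 32 ] && is_hex "$a" ||
            { echo "A: need 32 hex characters"; return 1; }
        ;;
    oath)
        [ -n "$p" ] && [ "${#p}" -le 12 ] ||
            { echo "P: need 1 to 12 characters"; return 1; }
        [ "${#s}" -eq 40 ] && is_hex "$s" ||
            { echo "S: need 40 hex characters"; return 1; }
        ;;
    api)
        # API table: only a username and a 20-character key (passed as P here)
        [ "${#p}" -eq 20 ] ||
            { echo "API key: need 20 characters"; return 1; }
        ;;
    *)
        echo "unknown table: $t"; return 1 ;;
    esac
    return 0
}

# Constructed sample values, not real credentials.
check_add_args yubikey alice cccccccbdefg 0123456789ab \
    000102030405060708090a0b0c0d0e0f && echo "yubikey values fit"
```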
ChangeLog
yubiserver (0.3-1) unstable; urgency=low

  * Saved debian/copyright file to UTF-8 encoding
  * Update debian/rules
    - Changed field --with-default-sqlite3-db-file
    - Changed field --with-default-yubiserver-log-file
    - Added dh_installdirs and dh_install helpers along
      with their counterpart files, yubiserver.dirs and
      yubiserver.postinst
  * Added new file for handling package removal, yubiserver.postrm
  * With changes above now the database file yubiserver.sqlite installs
    in the appropriate location /var/lib/yubiserver (Closes: Bug#690837)
    Thanks to Apollon Oikonomopoulos for pointing
    this out.
  * yubiserver now drops privileges and runs as the newly added user
    'yubiserver'.
    With changes above a new system user/group 'yubiserver' is created and
    the appropriate permissions to the database and the yubiserver-admin binary
    are set. The database file is group-writable by this group, allowing
    the local administrator to grant yubiserver-admin access to regular users.
    Thanks to Apollon Oikonomopoulos for pointing this out.
    (Closes: Bug#690840)

 -- Nanakos Chrysostomos Sun, 21 Oct 2012 15:00:39 +0300

yubiserver (0.2-3) unstable; urgency=low

  * Fixing array bounds errors.

 -- Nanakos Chrysostomos Tue, 21 Aug 2012 20:25:54 +0300

yubiserver (0.2-2) unstable; urgency=low

  * Fixed buffer overruns.
  * Fixed FTBFS bug in debian/rules file. (Closes: Bug#666357)
    Thanks to Lucas Nussbaum and Anibal Monsalve Salazar
    for their help and for pointing this out.

 -- Nanakos Chrysostomos Sat, 21 Apr 2012 12:39:30 +0300

yubiserver (0.2-1) unstable; urgency=low

  * Fixed bug in yubiserver-admin concerning the failed selection of the
    non-default SQLite3 database file.
  * yubiserver now uses for connection management the high performance event
    loop library libev.
  * Fixed ISO Date field when producing the HMAC output string.
  * Fixed typographic mistakes; OAUTH was OATH for yubiserver's case.
  * Fixed SQLite3 memory leaks.
  * Removed pre-filled identity from the database. Thanks to Gian Piero Carruba
    for resolving this security issue.

 -- Nanakos Chrysostomos Mon, 30 Jan 2012 18:00:08 +0200

yubiserver (0.1-1) unstable; urgency=low

  * Initial release (Closes: Bug#647101)

 -- Nanakos Chrysostomos Wed, 28 Sep 2011 15:44:24 +0300