yubiserver

yubiserver is a simple and lightweight Yubikey OTP and HOTP/OATH validation server to be used with Yubico's Yubikey USB tokens including a powerful administration tool, yubiserver-admin, with which you can manage yubiserver's database by adding,deleting,activating and deactivating users that validate with OTP or HOTP/OATH tokens.

Index

Download

The yubiserver tarball. Install by issuing 'configure && make install'.

Packages are known to be available for Debian via their respective Package Management Systems.

Synopsis

yubiserver [Options]

Options

--version, -V

Print version information.
--help, -h

Print this help screen.
--database, -d

Use this SQLite3 database file.

--port , -p

Port to bind the server. Default port is 8000.

--logfile, -l

Use this as logfile. Default is '/var/log/yubiserver.log'.

yubiserver-admin [[-b FILE]] [table] [Options] [[attributes]]

Options

--version, -V

Print version information.
--help, -h

Print this help screen.
--database, -b

Use this SQLite3 database file.

--yubikey, -y

Choose Yubikey Token table.

--oath, -o

Choose OATH Token table.

--api, -p

Choose API Key table.

--add N [P S [A]], -a N [P S [A]]

Add Yubikey OTP & HOTP/OATH token or API Key 'N' user where N is the username, P the Public Token ID, S the Secret ID and A the AES Key N must be 16 characters max,P must be 12 characters for Yubikey OTP and 12 characters max for HOTP/OATH S must be 12 characters for Yubikey OTP and 40 for HOTP/OATH and AES key must be 32 characters Adding a user to API keys requires a username and a API Key 20 characters long

--delete N, -x N

Delete Yubikey OTP, HOTP/OATH token or API Key 'N' user.

--enable N, -e N

Enable Yubikey OTP, HOTP/OATH token or API Key 'N' user.

--disable N, -d N

Disable Yubikey OTP, HOTP/OATH token or API Key 'N' user.

--list, -l

List Yubikey OTP, HOTP/OATH token or API Key 'N' user.

ChangeLog

yubiserver (0.4-4) unstable; urgency=low

  * Fix buffer overruns.
    (Closes: Bug#721754)
  * Initialize libgcrypt after fork()'ing yubiserver. Avoid "Oops, secure
    memory pool already initialized" libgcrypt messages every time
    aes128ecb_decrypt() function is called.

 -- Nanakos Chrysostomos   Sun, 23 Feb 2014 19:58:07 +0200

yubiserver (0.4-3) unstable; urgency=low

  * Fixed debian/yubiserver.postrm and added debian/yubiserver.preinst
    to avoid fail while upgrading from 'testing'.
    Thanks to Andreas Beckmann  for the bug filling.
    (Closes: Bug#718735)

 -- Nanakos Chrysostomos   Mon, 05 Aug 2013 12:43:03 +0300

yubiserver (0.4-2) unstable; urgency=low

  * Fixed debian/yubiserver.postrm ignore any errors from deluser.
    Thanks to Andreas Beckmann  for the bug filling
    and Kamal Mostafa  for the immediate re-upload
    of the package. (Closes: Bug#718602)

 -- Nanakos Chrysostomos   Sat, 03 Aug 2013 21:25:26 +0300

yubiserver (0.4-1) unstable; urgency=low

  * Bumped S-V version to 3.9.4
  * Clean lintian Errors and Warnings
  * Added compile,depcomp,install-sh,missing and removed old symlinks.
    Thanks to Lucas Nussbaum  for pointing
    this out. (Closes: Bug#713230)
  * Updated debian/yubiserver.postinst
    	- Moved mkdir's to yubiserver.dirs.
  	- Replaced whole directory chown's to unique entries
          concerning each directory and file used by yubiserver.
  * Updated debian/yubiserver.postrm
        - Split purge operation to handle the removal of yubiserver user
          and clean /var/log/yubiserver and /var/run/yubiserver dir's.
        - Removal of package only affects the deletion of /var/rub/yubiserver
          directory.
  * Updated debian/init
        - Init script creates /var/run/yubiserver directory if it doesn't 
          exist according to Debian Policy 9.1.4 and 9.3.2.
  * Fixed Makefile.am to compile cleanly after gcc's more restrictive 
    rules about explicity library ordering.
    Thanks to Kamal Mostafa  for the related patch.

 -- Nanakos Chrysostomos   Fri, 26 Jul 2013 20:33:39 +0300

yubiserver (0.3-1) unstable; urgency=low

  * Saved debian/copyright file to UTF-8 encoding
  * Update debian/rules
        - Changed field --with-default-sqlite3-db-file
        - Changed field --with-default-yubiserver-log-file
        - Added dh_installdirs and dh_install helpers along
          with their counterpart files, yubiserver.dirs and
          yubiserver.postinst
  * Added new file for handling package removal, yubiserver.postrm
  * With changes above now the database file yubiserver.sqlite installs
    in the appropriate location /var/lib/yubiserver (Closes: Bug#690837)
    Thanks to Apollon Oikonomopoulos  for pointing
    this out.
  * yubiserver now drops privileges and runs as the new added user
    'yubiserver'.
    With changes above a new system user/group 'yubiserver' is created and
    the appropriate permissions to the database and the yubiserver-admin binary
    are set. The database file is group-writable by this group, allowing
    the local administrator to grant yubiserver-admin access to regular users.
    Thanks to Apollon Oikonomopoulos  for pointing this out.
    (Closes: Bug#690840)

 -- Nanakos Chrysostomos   Sun, 21 Oct 2012 15:00:39 +0300

yubiserver (0.2-3) unstable; urgency=low

  * Fixing array bounds errors.

 -- Nanakos Chrysostomos   Tue, 21 Aug 2012 20:25:54 +0300

yubiserver (0.2-2) unstable; urgency=low

  * Fixed buffer overruns.
  * Fixed FTBFS bug in debian/rules file. (Closes: Bug#666357)
    Thanks to Lucas Nussbaum and Anibal Monsalve Salazar
    for their help and for pointing this out.

 -- Nanakos Chrysostomos   Sat, 21 Apr 2012 12:39:30 +0300

yubiserver (0.2-1) unstable; urgency=low

  * Fixed bug in yubiserver-admin concerning the failed selection of the
    non-default SQLite3 database file.
  * yubiserver now uses for connection management the high performance event
    loop library libev.
  * Fixed ISO Date field when producing the HMAC output string.
  * Fixed typographic mistakes; OAUTH was OATH for yubiserver's case.
  * Fixed SQLite3 memory leaks.
  * Removed pre-filled identity from the database. Thanks to Gian Piero Carruba
    for resolving this security issue.

 -- Nanakos Chrysostomos   Mon, 30 Jan 2012 18:00:08 +0200

yubiserver (0.1-1) unstable; urgency=low

  * Initial release (Closes: Bug#647101)

 -- Nanakos Chrysostomos   Wed, 28 Sep 2011 15:44:24 +0300