This repository has been archived by the owner on Mar 20, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
/
README
58 lines (43 loc) · 1.97 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
== rlm_yubico
NOTE: This project is deprecated and is no longer being maintained.
FreeRADIUS module for using YubiKeys for authentication.
=== Introduction
This is a rlm_perl based module for FreeRadius that allows adding
authentication by YubiKey OTP (One Time Password). It works in addition
to existing authentication methods, such as username and password. A
YubiKey OTP can be passed by appending it either to the username or the
password. When possible, rlm_yubico will use an Access-Challenge response
to query the user for an OTP if one is required but not provided.
=== Installation
* Run 'make install'
* Edit /etc/freeradius/modules/perl:
- Set module = /usr/share/rlm_yubico/rlm_yubico.pl
* Edit /etc/freeradius/sites-available/default:
- Add "perl" (without quotes) to a line by itself in the "authorize"
section. It needs to occur early on, at least before "files".
- Add "perl" to a line by itself in the "post-auth" section.
* Edit /etc/freeradius/dictionary:
- Add the following line:
$INCLUDE /usr/share/rlm_yubico/dictionary
=== Configuration
Place configuration in /etc/yubico/rlm/ykrlm-config.cfg
Place username -> YubiKey mappings in /etc/yubico/rlm/ykmapping
See the included ykrlm-config.cfg file for a description of available
settings.
Any changes to configuration will require a full restart of freeradius
to take effect. Even though freeradius supports reloading configuration
without restarting (by sending a HUP signal), rlm_perl, which is used
by rlm_yubico, does not.
**NOTE**: When running freeRADIUS (< 2.1.12) on a Debian based system,
you need to preload Perl libraries for rlm_yubico to work. This can
be done by running freeRADIUS using the following command (change the
version to match your Perl installation):
LD_PRELOAD=/usr/lib/libperl.so.5.10 freeradius
=== Dependencies
rlm_yubico requires the following Perl modules:
AnyEvent::Yubico
Crypt::CBC
Digest::
Error::
Crypt::Blowfish
FreeRADIUS is also required.