Achievo/Howto/Users/Yubikey authentication
From Achievo/ATK Wiki
This howto explains how to turn on authentication with a Yubikey.
Important: Only the key itself is implemented now, so possession of the Yubikey is the only factor that is checked. For maximum security, you will need to add a password to the Yubikey to make it true multi-factor authentication.
Database
To enable Yubikey support, the table 'person' must be extended with a field that can hold the Yubikey identity. You can add the field with phpMyAdmin or execute this query:
ALTER TABLE `person` ADD `yubikey` VARCHAR( 12 ) NULL ;
Configuration
After changing the database you need to change some configuration settings in the config.inc.php file:
$config_authentication = "yubikey";
$config_auth_yubikey_id = <Yubico API ID>;
$config_auth_yubikey_key = '<Yubico API key>';
$config_auth_yubikeyfield = 'yubikey';
Alter the employee class
In the employee class (modules/employee/class.employee.inc) search for the following lines:
if (in_array("db",explode(",",strtolower(atkconfig('authentication')))))
  $this->addPasswordAttribute();
Before these lines, add:
// If authentication method yubikey is active:
if (in_array("yubikey",explode(",",strtolower(atkconfig('authentication')))))
  $this->add(new atkAttribute(atkconfig("auth_yubikeyfield"), AF_HIDE_LIST, 12));
Finalize
Now log in as a user that has the admin rights for employees and, for each Employee, set a yubikey identity (the first 12 characters of any OTP from your device) in the new "yubikey" field. After that you can authenticate using the Yubikey.
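The identity for the "yubikey" field can be derived from a pasted OTP and sanity-checked before it is saved. The following stand-alone PHP 7+ script is an added example, not part of Achievo; it assumes the standard 44-character Yubico OTP layout, and the function names and sample OTPs are made up for illustration.

```php
<?php
// Added example, not Achievo code; function names are hypothetical.
// Assumes the standard Yubico OTP layout: 44 modhex characters, of which
// the first 12 are the key's fixed public identity.

const MODHEX  = 'cbdefghijklnrtuv'; // modhex alphabet, position = hex digit 0-f
const ID_LEN  = 12;                 // fits the VARCHAR(12) `yubikey` column
const OTP_LEN = 44;

// Return the 12-character identity, or throw if $otp is not a well-formed OTP.
function yubikey_identity(string $otp): string
{
    $otp = strtolower(trim($otp)); // tolerate Caps Lock and a trailing newline
    if (strlen($otp) !== OTP_LEN) {
        throw new InvalidArgumentException('expected 44 characters, got ' . strlen($otp));
    }
    if (strspn($otp, MODHEX) !== OTP_LEN) {
        throw new InvalidArgumentException('non-modhex character (keyboard layout?)');
    }
    return substr($otp, 0, ID_LEN);
}

// Decode a modhex string to plain hex.
function modhex_to_hex(string $modhex): string
{
    return strtr($modhex, MODHEX, '0123456789abcdef');
}

// Constructed sample input, not output from a real device.
$samples = [
    'first press'   => 'ccccccbdefgh' . str_repeat('cbdefghijklnrtuv', 2),
    'second press'  => 'ccccccbdefgh' . str_repeat('vutrnlkjihgfedbc', 2),
    'caps lock on'  => strtoupper('ccccccbdefgh' . str_repeat('cbdefghijklnrtuv', 2)),
    'password typo' => 'hunter2',
    'wrong layout'  => 'jjjjjjxe.uid' . str_repeat('jxe.uidchtnbpygk', 2),
];

foreach ($samples as $label => $otp) {
    try {
        $id = yubikey_identity($otp);
        printf("%-14s identity=%s hex=%s\n", $label, $id, modhex_to_hex($id));
    } catch (InvalidArgumentException $e) {
        printf("%-14s rejected: %s\n", $label, $e->getMessage());
    }
}
```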