3.91. <AuthBy YUBIKEYVALIDATIONSERVER> Previous topic Parent topic Child topic Next topic

This module authenticates YubiKey tokens (yubico.com) against YubiCloud validation service or locally hosted YubiKey Validation Server. This allows flexibility in deciding which validation service or server to use and where to plug in a YubiHSM. This module does not require any YubiKey specific modules because all required work is done by the validation server and possibly by YubiHSM. PyHSM validation server allows using Radiator with YubiHSM (Hardware Security Module) for storing the YubiKey secrets.
Yubico's Validation Server (YK-VAL) and YubiCloud API versions 1.0 and 2.0 are supported. For YubiCloud you should set APIVersion to 2.0 and ClientID to the value assigned to you by Yubico. Configuring APIKey is optional but recommended especially when ValidationServerURL is set to http instead of https. If you run a self hosted YK-VAL, set APIVersion, ClientID and APIKey to match the server configuration.
Yubico's PyHSM validation server and its one line response format is also supported. Yubico's PyHSM validation server yhsm-val supports Yubico OTP, OATH-HOTP and OATH-TOTP.
See a sample configuration file goodies/yubikey-validationserver.cfg for two-factor, single factor and EAP configuration examples.
AuthBy YUBIKEYVALIDATIONSERVER understands also the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.31.