How about Windows YubiKey server?

Started by JustGuest, September 06, 2010, 08:30:15 PM


JustGuest

Hi,

Configuring your own Yubikey validation server under Linux,
using PHP/MySQL, etc. is a very heavy task.
It is practically impossible to run a Yubikey validation
server under Windows server, using the Yubico-provided
PHP sources.

How about a simple service-mode server, running under any
Windows, with a nice GUI to manage it? Using Indy 10 libraries
and your source code ( http://www.pepak.net/download/pkyubikey/ ),
I already wrote my own server, but it is dirty and it works only
in application mode - I wasn't able to build it in service mode
(I'm a beginner in Delphi).

What do you think about such an idea? A pure-Windows open-source
YubiKey validation server could be a beautiful gift for all
YubiKey users.

Kind regards,

JustGuest

pepak

What exactly does a "Yubikey validation server" do? I take it it does much the same thing as my PkYubikey library, except over TCP/IP rather than through a DLL interface. If that is so, then yes, a simple server is a possibility.

JustGuest

Hi!

Thanks for the reply.

Yes, a Yubikey validation server is functionally equivalent to your library,
and it communicates with the client through a web API; for example, see
http://yubico.com/demo/php-yubico.php

I defined my own API syntax, and everything works fine
except running my server as a service.

I created two versions of my server: one compatible
with your library, which stores keys and user data
in the Windows Registry, and another one, which uses
an encrypted INI file, using the TSECURITYINI class:

http://www.torry.net/vcl/system/registry/bdsecurityini.zip

Regards,

JustGuest

pepak

I guess I could write a simple Validation Server.

a) I could adapt the SlimFTPD code to it, by removing all FTP stuff (basically leaving just the service + socket parts) and substituting it with a call to PkYubikey.dll. That way I would get a proven service which could be adapted to any kind of user data storage simply by replacing the library.

b) If you send me your stand-alone application, I might be able to adapt it to a service - it's not that difficult to write a service in Delphi, you just need to take care of several "gotchas".

Version B should take much less time. Or at least I would be able to quickly tell you that I can't do it.

JustGuest

Hi,

Please tell me your e-mail address, where my source code can be sent.

Regards,

JustGuest


JustUser

Hi,

Sources sent.

The server expects an HTTP call in the form

http://serveraddress:portnumber/?heregoestheotpsequence

and replies with only two responses:

status=OK
status=BAD_OTP

Regards,

JustUser
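
The exchange described in the last post, as an added example that is not part of the thread and not either participant's code: a client that checks the OTP format before building the URL and treats anything other than an exact `status=OK` reply as a rejection. The 44-character modhex layout, the constructed `SAMPLE_OTP`, and the hypothetical `StubHandler` (a local stand-in that accepts a known OTP once) are assumptions of this sketch.

```python
import http.client
import re
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: default OTP layout, 12-char public ID + 32-char token, in modhex.
MODHEX_OTP = re.compile(r"[cbdefghijklnrtuv]{44}")
SAMPLE_OTP = "c" * 12 + "cbdefghijklnrtuv" * 2  # constructed, not from a real key

def parse_reply(body: bytes) -> bool:
    """Fail closed: only the exact reply 'status=OK' counts as success."""
    return body.strip() == b"status=OK"

def verify(host: str, port: int, otp: str, timeout: float = 5.0) -> bool:
    if not MODHEX_OTP.fullmatch(otp):  # never place unchecked input in the URL
        return False
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/?" + otp)
        resp = conn.getresponse()
        return resp.status == 200 and parse_reply(resp.read(64))
    except (OSError, http.client.HTTPException):
        return False  # timeout, refused connection, malformed reply: reject
    finally:
        conn.close()

class StubHandler(BaseHTTPRequestHandler):
    """Hypothetical stand-in for the server: accepts each known OTP once."""
    unused = {SAMPLE_OTP}

    def do_GET(self):
        otp = self.path.partition("?")[2]
        body = b"status=OK" if otp in self.unused else b"status=BAD_OTP"
        self.unused.discard(otp)  # a replayed OTP must not validate again
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def demo() -> list:
    StubHandler.unused = {SAMPLE_OTP}
    with HTTPServer(("127.0.0.1", 0), StubHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:  # first use, replay of the same OTP, malformed input
            return [verify("127.0.0.1", server.server_port, o)
                    for o in (SAMPLE_OTP, SAMPLE_OTP, "bogus")]
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(demo())
```
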
