Author Topic: How about Windows YubiKey server?  (Read 11928 times)

JustGuest

  • Guest
How about Windows YubiKey server?
« on: September 06, 2010, 08:30:15 PM »
Hi,

Configuring own Yubikey validation server under Linux,
using PHP/MySQL, etc. is a very heavy task.
It is practically impossible to run Yubikey validation
server under Windows server, using Yubico-provided
PHP sources.

How about simple service-mode server, running under any
Windows, with nice GUI to manage it? Using Indy 10 libraries,
and your source code ( http://www.pepak.net/download/pkyubikey/ )
I already wrote my own server, but it is dirty and it works only
in application mode - I wasn't able to build it in service mode
(I'm beginner  in Delphi).

What do you thing about such idea? Pure-windows opensource
YubiKey validation server could be a beautiful gift for all
YubiKey users.

Kind regards,

JustGuest

pepak

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 956
    • View Profile
    • Pepak.net
How about Windows YubiKey server?
« Reply #1 on: September 06, 2010, 09:47:23 PM »
What exactly does a "Yubikey validation server" do? I take it it does much the same thing as my PkYoubikey library, except over TCP/IP rather than through a DLL interface. If that is so, then yes, a simple server is a possibility.

JustGuest

  • Guest
How about Windows YubiKey server?
« Reply #2 on: September 07, 2010, 06:35:11 AM »
Hi!

Thanks for reply.

Yes, Yubikey validation server is functionally equivalent to your library,
and it communicates with client by web API, for example see
http://yubico.com/demo/php-yubico.php

I defined my own API syntax, and everything works fine
except running my server as service.

I created two versions of my server: one compatible
with your library, which stores keys and users data
in Windows Registry, and another one, which uses
encrypted INI file, using TSECURITYINI class:

http://www.torry.net/vcl/system/registry/bdsecurityini.zip

Regards,

JustGuest

pepak

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 956
    • View Profile
    • Pepak.net
How about Windows YubiKey server?
« Reply #3 on: September 07, 2010, 07:45:18 AM »
I guess I could write a simple Validation Server.

a) I could adapt the SlimFTPD code to it, by removing all FTP stuff (basically leaving just the service + socket parts) and substituting it with a call to PkYubikey.dll. That way I would get a proven service which could be adapted to any kind of users data storage simply by replacing the library.

b) If you send me your stand-alone application, I might be able to adapt it to a service - it's not that difficult to write a service in Delphi, you just need to take care of several "gotcha's".

Version B should take much less time. Or at least I would be able to quickly tell you that I can't do it.

JustGuest

  • Guest
How about Windows YubiKey server?
« Reply #4 on: September 07, 2010, 07:58:35 AM »
Hi,

Please, tell me your e-mail address, where my source codes could be sent.

Regards,

JustGuest

pepak

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 956
    • View Profile
    • Pepak.net
How about Windows YubiKey server?
« Reply #5 on: September 07, 2010, 08:04:33 AM »
forum *at* pepak.net

JustUser

  • Guest
How about Windows YubiKey server?
« Reply #6 on: September 07, 2010, 08:17:15 AM »
Hi,

Sources sent.

Server expects http call in form

http://serveraddress:portnumber/?heregoestheotpsequence

and replies with only two responses:

status=OK
status=BAD_OTP

Regards,

JustUser

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Note: this post will not display until it's been approved by a moderator.
Name: Email:
Verification:
This box must be left blank:

Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture: