Hi,
Configuring your own Yubikey validation server under Linux,
using PHP/MySQL, etc. is a very heavy task.
It is practically impossible to run Yubikey validation
server under Windows server, using Yubico-provided
PHP sources.
How about a simple service-mode server, running under any
Windows, with a nice GUI to manage it? Using Indy 10 libraries,
and your source code ( http://www.pepak.net/download/pkyubikey/ )
I already wrote my own server, but it is dirty and it works only
in application mode - I wasn't able to build it in service mode
(I'm a beginner in Delphi).
What do you think about such an idea? A pure-Windows open-source
YubiKey validation server could be a beautiful gift for all
YubiKey users.
Kind regards,
JustGuest
What exactly does a "Yubikey validation server" do? I take it it does much the same thing as my PkYubikey library, except over TCP/IP rather than through a DLL interface. If that is so, then yes, a simple server is a possibility.
Hi!
Thanks for the reply.
Yes, a Yubikey validation server is functionally equivalent to your library,
and it communicates with the client via a web API; for example, see
http://yubico.com/demo/php-yubico.php
I defined my own API syntax, and everything works fine
except running my server as a service.
I created two versions of my server: one compatible
with your library, which stores key and user data
in the Windows Registry, and another one, which uses
an encrypted INI file, using the TSECURITYINI class:
http://www.torry.net/vcl/system/registry/bdsecurityini.zip
Regards,
JustGuest
I guess I could write a simple Validation Server.
a) I could adapt the SlimFTPD code to it, by removing all FTP stuff (basically leaving just the service + socket parts) and substituting it with a call to PkYubikey.dll. That way I would get a proven service which could be adapted to any kind of user data storage simply by replacing the library.
b) If you send me your stand-alone application, I might be able to adapt it to a service - it's not that difficult to write a service in Delphi, you just need to take care of several "gotchas".
Version B should take much less time. Or at least I would be able to quickly tell you that I can't do it.
Hi,
Please tell me the e-mail address to which my source code can be sent.
Regards,
JustGuest
forum *at* pepak.net
Hi,
Sources sent.
The server expects an HTTP call in the form
http://serveraddress:portnumber/?heregoestheotpsequence
and replies with one of only two responses:
status=OK
status=BAD_OTP
Regards,
JustUser
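
The request/response exchange described in the last post, as an added example that is not part of the original thread or of the sources mentioned in it: a client that fails closed on anything other than an exact `status=OK`, run against a constructed stub server. The function names, the stub, the HTTP 200 reply and the 32-48 character modhex check on the OTP are assumptions of this example.

```python
import http.client
import re
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: OTPs are modhex text, 0-16 chars of public ID + 32 chars of token.
MODHEX_OTP = re.compile(r"[cbdefghijklnrtuv]{32,48}")
# Ignore proxy settings from the environment so the OTP only goes to the server.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def parse_status(body):
    """True only for an exact 'status=OK' reply; every other body is a reject."""
    return body.strip() == "status=OK"

def validate_otp(base_url, otp, timeout=5.0):
    """Ask the validation server about one OTP; errors and odd replies reject."""
    if not MODHEX_OTP.fullmatch(otp):
        return False  # never forward malformed input to the server
    try:
        with OPENER.open(f"{base_url}/?{otp}", timeout=timeout) as resp:
            return parse_status(resp.read(64).decode("ascii", "replace"))
    except (OSError, http.client.HTTPException):
        return False  # unreachable or broken server must not mean "accepted"

def start_stub_server(accepted):
    """Constructed stand-in for the server: each OTP in `accepted` is valid once."""
    remaining = set(accepted)
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            otp = self.path.partition("?")[2]
            ok = otp in remaining
            remaining.discard(otp)  # a replayed OTP gets BAD_OTP
            body = b"status=OK" if ok else b"status=BAD_OTP"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):
            pass  # keep the demo quiet
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    otp = "cccccccccccb" + "defghijklnrtuvcb" * 2  # constructed sample, not a real OTP
    server, url = start_stub_server({otp})
    print(validate_otp(url, otp), validate_otp(url, otp), validate_otp(url, "bogus"))
    server.shutdown()
```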