forked from mludvig/yubikey-ldap
yubikey-ldap tool
=================
This tool simplifies the management of YubiKeys stored in LDAP
for user authentication. It can easily do the following:
* Add/Remove 'yubiKeyId' attribute to/from users
* Search for users who have a yubiKeyId assigned
That's about it, really :)
Behind the scenes it does a little more to facilitate the above:
* Autocompletes usernames
* Adds the 'yubiKeyUser' objectClass to the user's record first, when needed
YubiKey LDAP schema
-------------------
As a prerequisite, the YubiKey LDAP schema must be installed on your
server. Refer to 'ldap-schema/README' for more details.
Configuration
-------------
At the moment the config file 'yubikey-ldap.conf' must be in your current
working directory at the time you launch yubikey-ldap. Later on we will
add some more intelligence and a configurable config location.
Use the provided 'yubikey-ldap.conf.sample' as a template.
LDAP Password
-------------
The LDAP bind password is not stored in the configuration. The script
will prompt for the password during startup.
Example
-------
$HOME/yubikey-ldap # ./yubikey-ldap
Use <Ctrl+D> to exit at any time
Use <Enter> to return one level up
Enter username (<tab> to autocomplete) or YubiKey Id to manage
Username or YubiKey: test<TAB>
Username or YubiKey: test.user
Test User [test.user] has no assigned YubiKeys
(a) add / <Enter> change user
Command: a
Enter YubiKey ID (12 chars minimum, best way is to touch the key)
YubiKey ID: ccccccbhkiivinkrcvfkdkttbfjkhtvggnvdchfjkvgt
Assigning YubiKey 'ccccccbhkiiv' to 'test.user'
Commit? [Y/n] <Enter>
Test User [test.user] has 1 assigned YubiKey
1) ccccccbhkiiv
(a) add / (d) delete / <Enter> change user
Command: d
Test User [test.user] has 1 assigned YubiKey
1) ccccccbhkiiv
Enter YubiKey or the index number. Enter when done.
YubiKey to Delete: 1
Test User [test.user] has no assigned YubiKeys
(a) add / <Enter> change user
Command: <Ctrl+D>
$HOME/yubikey-ldap #
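The session above stores only the first 12 characters of the touched OTP as 'yubiKeyId'. The following is an added example, not code from yubikey-ldap, of validating that input before it reaches an LDAP filter. The function names are hypothetical, and it assumes the default Yubico OTP layout (12-character public ID followed by 32 modhex characters).

```python
import re

MODHEX = "cbdefghijklnrtuv"   # Yubico modhex alphabet; position = hex digit value
ID_LEN = 12                   # public ID length the session above assigns
OTP_LEN = ID_LEN + 32         # assumed: ID followed by 32 modhex chars of encrypted OTP
_TO_HEX = str.maketrans(MODHEX, "0123456789abcdef")


def public_id(entered: str) -> str:
    """Return the 12-char public ID from a typed ID or a full touched OTP."""
    value = entered.strip().lower()
    if not re.fullmatch(f"[{MODHEX}]+", value):
        raise ValueError("YubiKey ID must contain only modhex characters")
    if len(value) not in (ID_LEN, OTP_LEN):
        raise ValueError(f"expected {ID_LEN} or {OTP_LEN} characters, got {len(value)}")
    return value[:ID_LEN]


def modhex_to_hex(modhex: str) -> str:
    """Translate modhex to ordinary hex, e.g. to compare with a key inventory."""
    return modhex.translate(_TO_HEX)


def search_filter(entered: str) -> str:
    """Build the LDAP filter for a key; safe because public_id() allows only modhex."""
    return f"(yubiKeyId={public_id(entered)})"


if __name__ == "__main__":
    otp = "ccccccbhkiivinkrcvfkdkttbfjkhtvggnvdchfjkvgt"  # OTP from the session above
    print(public_id(otp), modhex_to_hex(public_id(otp)), search_filter(otp))
    for bad in ("ccccccbhkiiv)(uid=*", "cccc"):  # constructed invalid inputs
        try:
            search_filter(bad)
        except ValueError as exc:
            print(f"rejected {bad!r}: {exc}")
```

Because only modhex characters pass validation, no LDAP filter metacharacters such as '(', ')' or '*' can reach the filter string.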
Credits
-------
Have you found this tool useful?
Please consider a small PayPal donation at:
http://logix.cz/michal/devel/yubikey-ldap/
Thanks!
Michal Ludvig <[email protected]>