mod_authn_yubikey provides the following configuration directives:
- AuthYubiKeyTimeout (Default 43200 seconds [12h])
- AuthYubiKeyTmpFile (Default conf/ykTmpDb)
- AuthYubiKeyUserFile (Default conf/ykUserDb)
- AuthYubiKeyRequireSecure (Default On)
- AuthYubiKeyExternalErrorPage (Default Off)
The AuthYubiKeyTimeout directive specifies an absolute timeout measured from the user's last login. If the timeout is set to 120 seconds, the user has to log in again after 120 seconds of using the page. This is a hard timeout: it is not renewed while the user is working with the page.
The default value is 43200 seconds (12h)
The AuthYubiKeyTmpFile directive specifies the temporary file which is used to store authenticated users. If a user successfully authenticates, the authentication time is stored within this file. It is used to determine when the user logged in last.
The default value is $SERVER_ROOT/conf/ykTmpDb
If you change the location of this file, remember that placing it under /tmp on UNIX systems possibly lets everyone view that file.
The AuthYubiKeyUserFile directive specifies the file that holds the tokenid/username mapping. Users must be present in this file with their YubiKey id to access a site protected by mod_authn_yubikey.
The default value is $SERVER_ROOT/conf/ykUserDb
The AuthYubiKeyRequireSecure directive requires users to reach your selected target over https. This is especially useful if you are authenticating users with two factors (password AND YubiKey), since the password and the token itself are only Base64 encoded when they are sent back to the server authenticating the user.
The default value is On (secure connection required)
The AuthYubiKeyExternalErrorPage directive lets you specify an error page different from the built-in error page, so that you are able to design your own. By using the ErrorDocument directive within your configuration you can even redirect the user to a site not residing on your machine.
The default value is Off (built in error page used)
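A check for the two caveats above (a state file readable by everyone or kept in a shared directory such as /tmp, and AuthYubiKeyRequireSecure switched off), given as an added example that is not part of mod_authn_yubikey. The function names are hypothetical, and the script assumes one set of directives per config file, taking the last value given for each.

```shell
#!/bin/sh
# Added example: audit mod_authn_yubikey settings in an Apache config file.
# Usage: yk_audit <config-file> <server-root>; prints one finding per line.
# Assumption: the last occurrence of a directive in the file is the one in effect.

# Print the last value set for a directive (case-insensitive), or a default.
yk_directive() {  # $1=config $2=directive $3=default
    val=$(awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$1")
    val=$(printf '%s' "$val" | tr -d '"')
    printf '%s\n' "${val:-$3}"
}

# Report a state file that others can read, or whose directory others can write.
yk_check_file() {  # $1=directive name $2=resolved path
    dir=$(dirname "$2")
    if [ -e "$2" ] && [ -n "$(find "$2" -prune -perm -004)" ]; then
        echo "$1: $2 is world-readable"
    fi
    if [ -d "$dir" ] && [ -n "$(find "$dir" -prune -perm -002)" ]; then
        echo "$1: directory $dir is world-writable"
    fi
}

yk_audit() {  # $1=config $2=server root
    secure=$(yk_directive "$1" AuthYubiKeyRequireSecure On)
    case "$secure" in
        [Oo][Ff][Ff]) echo "AuthYubiKeyRequireSecure is Off: credentials may cross plain http" ;;
    esac
    # Directive names and defaults are the ones listed on this page.
    for d in AuthYubiKeyTmpFile:conf/ykTmpDb AuthYubiKeyUserFile:conf/ykUserDb; do
        name=${d%%:*}
        path=$(yk_directive "$1" "$name" "${d#*:}")
        case "$path" in
            /*) ;;                      # absolute path, use as given
            *)  path="$2/$path" ;;      # relative paths resolve under the server root
        esac
        yk_check_file "$name" "$path"
    done
}
```

No output means none of the three conditions was found; files that do not exist yet are skipped, but their directory is still checked.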