Alessio Periloso

YubiServe 2.0

The YubiServe project reaches version 2.0.
It started as a lightweight validation server, based on python, sqlite, php and apache; but the needing of a whole webserver like apache and the php modules too, wasn’t really “lightweight”… so the entire code has been rewritten.
Now, with 2.0 release, all the requirements have been dropped down to only python-sqlite and python-crypto packages. It now supports the standard Yubico validation protocol 2.0 and the whole web appliance is self contained in a single python file.

The key features are:

  • It is an integrated web appliance to authenticate tokens. It supports both OATH Tokens and Yubico Yubikeys.
  • Simple to use
  • Integrated web appliance, so, no apache, java, php or mysql installation is required
  • Threaded webserver for improved performances
  • 100% compatible with Yubico validation protocol 2.0
  • HMAC SHA-1 signatures to authenticate the server response using your API Key
  • Delayed OTP checks (Yubico Yubikey only: OATH implementation doesn’t allow such check)

Same queries as Yubico Validation Servers are used, so porting your applications to this server really just need changing the http addresses.

Improvements were made about performances (it uses several threads!), and the OATH/HOTP support has been added.
After removing the copyrighted parts (some PHP functions were a Yubico copyright), everything has been released under the GNU/GPL license.
A lot of documentation has been added to the Google Code Project, so it should be really easy to understand how it works, and to configure and use it.

More informations and source code at Google Code Project: Yubico-YubiServe

Leave a Reply