Yubikey authentication in a mid-sized organisation

Time: 11:30 - 12:15
Day: Thursday 21 January 2010
Location: Renouf 2 (MFC)
Project: yubikey server

Yubico's yubikeys are an open implementation of a One Time Password authentication system that hits a sweet spot between usability and security. For implementation in a small to medium-sized organisation (such as a university school), it is prudent to run a local server to administer users and their issued yubikeys.

During this presentation, I will be demonstrating: how a yubikey works; how to reprogram a yubikey with your own AES 128-bit key and IDs; an open-source server I have written in C to authenticate yubikeys; and how to add yubikey authentication to a web site and to SSH (via PAM).

The yubikey server C code will be examined, demonstrating principles of: connecting to and querying a PostgreSQL database; authenticating via Pluggable Authentication Modules (PAM); emulating an LDAP server's bind method; performing Secure Sockets Layer (SSL) communications; and other C stuff, such as logging errors, parsing a config file, handling many simultaneous connections, etc.

Robert (Bob) Edwards

Bob Edwards has been Chief I.T. Officer in the School of Computer Science at the Australian National University in Canberra, Australia for the past 10 years and before that a Robotics Engineer in the Department of Engineering at ANU. Bob has been deploying Linux desktops within each of those areas for the past 12 years.

Bob also teaches into various programs and courses at ANU and has been responsible for delivering the Computer Networks course (3rd year U/G and at Masters level) for the past 7 years, as well as co-teaching the inaugural FOSS Development course with Andrew Tridgell at Masters level in April of 2009. He has also taught Operating Systems and Microprocessor Electronics.

Bob has written patches for rsync and has been maintaining a custom iptables filter for production use in teaching labs with both kernel and userspace patches.

Bob has also written and maintains a 40,000 LoC web-based Administrative Information System using PostgreSQL and PHP.

Bob is actively involved in the local Linux User Group (CLUG).