plugins/Yubikey.php
author Dan Fuhry <dan@enanocms.org>
Fri, 11 Nov 2011 00:33:28 -0500
changeset 38 d109af008343
parent 37 5e946a3f405b
permissions -rw-r--r--
SECURITY: Fixed ability to log into an account with someone else's Yubikey...
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
     1
<?php
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
     2
/**!info**
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
     3
{
37
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
     4
	"Plugin Name"  : "Yubikey authentication",
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
     5
	"Plugin URI"   : "http://enanocms.org/plugin/yubikey",
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
     6
	"Description"  : "Allows authentication to Enano via Yubico's Yubikey, a one-time password device.",
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
     7
	"Author"       : "Dan Fuhry",
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
     8
	"Version"      : "1.1.7",
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
     9
	"Author URI"   : "http://enanocms.org/",
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    10
	"Auth plugin"  : true
0
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    11
}
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    12
**!*/
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    13
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    14
// Include files
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    15
require( ENANO_ROOT . '/plugins/yubikey/corelib.php' );
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    16
require( ENANO_ROOT . '/plugins/yubikey/admincp.php' );
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    17
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    18
if ( getConfig('yubikey_enable', '1') == '1' )
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    19
{
37
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    20
	require( ENANO_ROOT . '/plugins/yubikey/auth.php' );
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    21
	require( ENANO_ROOT . '/plugins/yubikey/usercp.php' );
0
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    22
}
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    23
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    24
// Install schema: MySQL
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    25
/**!install dbms="mysql"; **
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    26
CREATE TABLE {{TABLE_PREFIX}}yubikey(
37
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    27
	yubi_id int(12) NOT NULL auto_increment,
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    28
	user_id mediumint(8) NOT NULL DEFAULT 1,
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    29
	yubi_uid char(12) NOT NULL DEFAULT '____________',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    30
	PRIMARY KEY ( yubi_id )
0
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    31
) ENGINE `MyISAM` CHARACTER SET `utf8` COLLATE `utf8_bin`;
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    32
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    33
ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_yubikey_flags smallint(3) NOT NULL DEFAULT 0;
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    34
**!*/
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    35
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    36
// Install schema: PostgreSQL
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    37
/**!install dbms="postgresql"; **
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    38
CREATE TABLE {{TABLE_PREFIX}}yubikey(
37
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    39
	yubi_id SERIAL,
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    40
	user_id int NOT NULL DEFAULT 1,
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    41
	yubi_uid char(12) NOT NULL DEFAULT '____________',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    42
	PRIMARY KEY ( yubi_id )
0
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    43
);
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    44
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    45
ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_yubikey_flags smallint NOT NULL DEFAULT 0;
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    46
**!*/
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    47
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    48
// Uninstall schema
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    49
/**!uninstall**
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    50
DROP TABLE {{TABLE_PREFIX}}yubikey;
1
86d41fd204a0 Typo! STOP -> DROP. See Spot run. Spot runs to the house. Spot licks Dick. Dick pets Spot.
Dan
parents: 0
diff changeset
    51
ALTER TABLE {{TABLE_PREFIX}}users DROP user_yubikey_flags;
0
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    52
**!*/
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    53
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    54
/**!language**
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    55
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    56
The following text up to the closing comment tag is JSON language data.
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    57
It is not PHP code but your editor or IDE may highlight it as such. This
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    58
data is imported when the plugin is loaded for the first time; it provides
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    59
the strings displayed by this plugin's interface.
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    60
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    61
You should copy and paste this block when you create your own plugins so
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    62
that these comments and the basic structure of the language data is
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    63
preserved. All language data is in the same format as the Enano core
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    64
language files in the /language/* directories. See the Enano Localization
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    65
Guide and Enano API Documentation for further information on the format of
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    66
language files.
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    67
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    68
The exception in plugin language file format is that multiple languages
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    69
may be specified in the language block. This should be done by way of making
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    70
the top-level elements each a JSON language object, with elements named
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    71
according to the ISO-639-1 language they are representing. The path should be:
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    72
37
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    73
	root => language ID => categories array, ( strings object => category \
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    74
	objects => strings )
0
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    75
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    76
All text leading up to first curly brace is stripped by the parser; using
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    77
a code tag makes jEdit and other editors do automatic indentation and
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    78
syntax highlighting on the language data. The use of the code tag is not
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    79
necessary; it is only included as a tool for development.
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    80
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    81
<code>
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
    82
{
37
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    83
	// english
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    84
	eng: {
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    85
		categories: [ 'meta', 'yubiauth', 'yubiucp', 'yubiacp' ],
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    86
		strings: {
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    87
			meta: {
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    88
				yubiauth: 'Yubikey authentication messages',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    89
				yubiucp: 'Yubikey user CP',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    90
				yubiacp: 'Yubikey admin CP',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    91
			},
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    92
			yubiauth: {
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    93
				msg_please_touch_key: 'Please touch your Yubikey',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    94
				msg_close_instructions: 'or press <tt>Esc</tt>',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    95
				msg_invalid_chars: 'OTP contains invalid characters',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    96
				msg_too_long: 'OTP is too long',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    97
				msg_validating_otp: 'Validating OTP...',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    98
				msg_otp_valid: 'OTP validated',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
    99
				btn_enter_otp: 'Log in with Yubikey',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   100
				lbl_otp_field: 'Yubikey OTP:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   101
				
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   102
				ctl_btn_change_key: 'Change key',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   103
				ctl_btn_clear: 'Clear',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   104
				ctl_btn_enroll: 'Enroll',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   105
				ctl_status_enrolled_pending: 'Enrolled (pending)',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   106
				ctl_status_empty: 'Not enrolled',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   107
				ctl_status_remove_pending: 'Removed (pending)',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   108
				ctl_status_enrolled: 'Enrolled',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   109
				
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   110
				err_invalid_otp: 'Your login was rejected because the Yubikey OTP you entered contains invalid characters.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   111
				err_invalid_auth_url: 'Login with Yubikey was rejected because the URL to the authentication server is not valid.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   112
				err_nothing_provided: 'You did not provide a Yubikey OTP or a username. One of these is required for login to work.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   113
				err_must_have_otp: 'Please provide a Yubikey OTP to log in to this account.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   114
				err_must_have_username: 'Please provide your username.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   115
				err_must_have_password: 'Please enter your password in addition to your username and Yubikey.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   116
				err_key_not_authorized: 'This Yubikey is not authorized on this site.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   117
				err_otp_invalid_chars: '%this.yubiauth_err_invalid_otp%',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   118
				err_http_failed: 'Your OTP could not be validated because the authentication server could not be contacted. Technical error message: %http_error%',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   119
				err_missing_api_key: 'Your OTP could not be validated because no Yubico API key is registered on this site.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   120
				err_http_response_error: 'Your OTP could not be validated because the Yubico authentication server reported an error.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   121
				err_malformed_response: 'Your OTP could not be validated because the Yubico authentication server returned an unexpected response.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   122
				err_timestamp_check_failed: 'Your OTP could not be validated because the timestamp of the response from the Yubico authentication server was out of bounds.',
38
d109af008343 SECURITY: Fixed ability to log into an account with someone else's Yubikey...
Dan Fuhry <dan@enanocms.org>
parents: 37
diff changeset
   123
				err_uid_mismatch: 'This Yubikey is registered to a different user account than the one you are trying to log into.',
37
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   124
				err_response_missing_sig: 'Your OTP could not be validated because the Yubico authentication server did not sign its response.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   125
				err_response_invalid_sig: 'Your OTP could not be validated because the signature of the authentication response was invalid.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   126
				err_response_missing_status: '%this.yubiauth_err_malformed_response%',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   127
				err_response_ok: 'OTP is OK',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   128
				err_response_bad_otp: 'Authentication failed because the Yubikey OTP is invalid.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   129
				err_response_replayed_otp: 'Authentication failed because the Yubikey OTP you entered has been used before.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   130
				err_response_bad_signature: 'Authentication failed because the Yubico authentication server reported an invalid signature.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   131
				err_response_missing_parameter: 'Authentication failed because of a Dan Fuhry error.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   132
				err_response_no_such_client: 'Authentication failed because the Yubikey you used is not registered with Yubico.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   133
				err_response_operation_not_allowed: 'Authentication failed because the Enano server was denied the request to validate the OTP.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   134
				err_response_backend_error: 'Authentication failed because an unexpected problem happened with the Yubico server.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   135
				err_response_security_error: 'Authentication failed because the Yubico authentication server reported an unknown security error.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   136
				
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   137
				specialpage_yubikey: 'Yubikey API'
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   138
			},
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   139
			yubiucp: {
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   140
				panel_title: 'Yubikey settings',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   141
				
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   142
				msg_save_title: 'Yubikey preferences saved',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   143
				msg_save_body: 'Your preferences have been saved. You will be transferred back to the User CP momentarily.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   144
				
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   145
				field_enable_title: 'Enable Yubikey support on my account:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   146
				field_enable_hint: 'Disabling support will remove any keys that are enrolled for your account.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   147
				field_enable: 'Enabled',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   148
				field_keys_title: 'Enrolled Yubikeys:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   149
				field_keys_hint: 'Enroll a Yubikey to allow it to log into your account.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   150
				field_keys_maximum: 'You can enroll up to %max% Yubikeys.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   151
				field_normal_flags: 'When logging in, ask me for:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   152
				field_elev_flags: 'When performing sensitive operations, require:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   153
				field_flags_keyonly: 'Just my Yubikey',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   154
				field_flags_username: 'My Yubikey and username',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   155
				field_flags_userandpw: 'My <acronym title="Two factor authentication">Yubikey, username and password</acronym>',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   156
				field_allow_plain_login: 'Allow me to log in without my Yubikey',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   157
				field_allow_plain_login_hint: 'If this option is turned off, you will be unable to access your account if all of your enrolled Yubikeys become lost or broken. However, turning this option off provides greater security.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   158
				err_double_enrollment: 'One of the Yubikeys you tried to enroll is already enrolled on another account on this website. A single Yubikey can only be associated with one account at a time.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   159
				err_double_enrollment_single: 'The Yubikey you tried to enroll is already enrolled on another account on this website. A single Yubikey can only be associated with one account at a time.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   160
				
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   161
				reg_field_otp: 'Enroll a <a href="http://www.yubico.com/products/yubikey" onclick="window.open(this.href); return false;">Yubikey</a>:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   162
				reg_field_otp_hint_optional: 'If you have a Yubikey, you can authorize it for use in your new account here.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   163
				reg_field_otp_hint_required: 'Please enroll a Yubikey here to create an account. This is a required step.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   164
				reg_err_otp_required: 'Please enroll a Yubikey to register on this site.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   165
				reg_err_otp_invalid: 'Your Yubikey OTP failed to validate.'
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   166
			},
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   167
			yubiacp: {
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   168
				th: 'Yubikey authentication',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   169
				field_enable_title: 'Yubikey support:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   170
				field_enable: 'Enable Yubikey authentication',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   171
				field_api_key: 'Yubico API key:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   172
				field_api_key_id: 'Yubico numeric ID:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   173
				field_auth_server: 'Authentication server URL:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   174
				field_enroll_limit: 'Number of enrolled keys permitted per account:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   175
				field_reg_require_otp_title: 'Yubikey required for registration:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   176
				field_reg_require_otp_hint: 'If this is enabled, users will be asked to enroll a Yubikey during registration. The enrolled Yubikey will be authorized for the new account.',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   177
				field_reg_require_otp: 'Require Yubikey during registration',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   178
				field_use_local_pre: 'Or:',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   179
				field_use_local: 'Use local YMS',
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   180
				
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   181
				err_invalid_auth_server: 'The URL to the Yubikey authentication server that you entered is invalid.'
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   182
			}
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   183
		}
5e946a3f405b Converted to tabs
Dan Fuhry <dan@enanocms.org>
parents: 35
diff changeset
   184
	}
0
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
   185
}
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
   186
</code>
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
   187
**!*/
9d2c4f04a0d0 First commit! Hoping everything works.
Dan
parents:
diff changeset
   188