ykrlm-config.cfg

#
# Settings for FreeRADIUS authentication of users using YubiKeys.
#

# Length in characters of the public ID part of Yubikeys
#$id_len = 12;

# List of URLs to use for YubiKey OTP validation
# By default rlm_yubico will target the YubiCloud sync pool:
#$verify_urls = [
#	"https://api.yubico.com/wsapi/2.0/verify",
#	"https://api2.yubico.com/wsapi/2.0/verify",
#	"https://api3.yubico.com/wsapi/2.0/verify",
#	"https://api4.yubico.com/wsapi/2.0/verify",
#	"https://api5.yubico.com/wsapi/2.0/verify",
#];
#
# It can easily be configured to use a different pool, like a server
# running on localhost:
#$verify_urls = [ "http://127.0.0.1/wsapi/2.0/verify" ];

# Client ID and API key for use with the YubiKey validation service.
# For use with the YubiCloud, you can get an API key here:
# https://upgrade.yubico.com/getapikey/
#$client_id = 1;
#$api_key = "";

# If set to 1, a user with no YubiKey assigned can authenticate using 
# any valid YubiKey OTP, which will then cause that key to be assigned 
# to the user.
#$allow_auto_provisioning = 1;

# If set to 1, allows a user to omit the username when logging in with
# an already provisioned YubiKey.
#$allow_userless_login = 0;

# Defines who is required to provide a YubiKey OTP when logging in.
# The available levels are:
# 0 = Permissive. OTPs are not required to authenticate, by anyone.
#
# 1 = Require when provisioned. OTPs are required by all users that 
# have a YubiKey assigned to them.
#
# 2 = Always require. OTPs are required by all users. If no YubiKey 
# has been assigned, that user cannot log in, unless auto-provisioning 
# is enabled.
#
#$security_level = 0;

# Sets the location of a file containing username to YubiKey mappings.
# Each line of this file should start with a username, followed by : and 
# then a comma separated list of public IDs. Lines starting with # or blank
# lines are ignored.
#$mapping_file = "/etc/yubico/rlm/ykmapping";